[Samba] winbind nss info = sfu is not so much working
Guenther Deschner
gd at samba.org
Thu Apr 27 16:56:13 GMT 2006
On Thu, Apr 27, 2006 at 11:21:45AM -0500, Jonathan C. Detert wrote:
> with samba 3.0.22, I'm trying to integrate a linux box with Microsoft AD
> by using winbind for authentication as well as for the source of nss info.
>
> When winbind is configured to use its own local id maps, everything
> works fine.
>
> But when i configure winbind to use 'ad' as the source of nss info,
> authentication fails, 'getent' commands return no results, and
> 'wbinfo -r someusername' returns nothing (though wbinfo -u and -g work
> correctly).
>
> I am guessing that either there is something wrong or lacking in my config,
> or that some kind of caching is messing me up.
>
> Here is my pertinent smb.conf stuff when winbind is configed to use
> local id maps:
> --------------
> winbind enum groups = yes
> winbind enum users = yes
> winbind separator = +
> winbind nested groups = yes
> winbind use default domain = yes
>
> idmap gid = 10000-55000
> idmap uid = 10000-55000
>
> template homedir = /home/%D/%U
> template shell = /bin/bash
>
> And here is how smb.conf looks when winbind is configed to use AD for
> nss:
> --------------
> winbind enum groups = yes
> winbind enum users = yes
> winbind separator = +
> winbind nested groups = yes
> winbind nss info = sfu
> winbind use default domain = yes
>
> idmap backend = ad
You still need to have the idmap ranges set so that winbind does not fall
into the "netlogon proxy only" mode. Does it work then?
Guenther
--
Günther Deschner GPG-ID: 8EE11688
Novell / SUSE LINUX gd at suse.de
Samba Team gd at samba.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20060427/c5038083/attachment.bin
More information about the samba
mailing list