[Samba] winbind nss info = sfu is not so much working
Jonathan C. Detert
detertj at msoe.edu
Thu Apr 27 17:38:17 GMT 2006
one problem ...
* Jonathan C. Detert <detertj at msoe.edu> [060427 12:11]:
> * Guenther Deschner <gd at samba.org> [060427 11:56]:
> > On Thu, Apr 27, 2006 at 11:21:45AM -0500, Jonathan C. Detert wrote:
> > > with samba 3.0.22, I'm trying to integrate a linux box with Microsoft AD
> > > by using winbind for authentication as well as for the source of nss info.
> > >
> > > When winbind is configured to use its own local id maps, everything
> > > works fine.
> > >
> > > But when i configure winbind to use 'ad' as the source of nss info,
> > > authentication fails, 'getent' commands return no results, and
> > > 'wbinfo -r someusername' returns nothing (though wbinfo -u and -g work
> > > correctly).
> -- snip --
> > > And here is how smb.conf looks when winbind is configed to use AD for
> > > nss:
> > > --------------
> > > winbind enum groups = yes
> > > winbind enum users = yes
> > > winbind separator = +
> > > winbind nested groups = yes
> > > winbind nss info = sfu
> > > winbind use default domain = yes
> > >
> > > idmap backend = ad
> > You still need to have the idmap ranges set so that winbind does not fall
> > into the "netlogon proxy only" mode. Does it work then?
> Yes, thanks! I don't understand that at all. What is 'netlogon proxy only'
I spoke too soon: _most_ things work now. The things which didn't work
before, are now working. However, one thing is not working:
the inability to map a uid or gid into a name.
- 'id -G detertj' works, but 'id -Gn detertj' does not.
- when i login on the console of the samba box, my shell prompt,
which would usually say 'detertj at nameofhost', says instead
'I have no name!@nameofhost'.
I can turn a name into a sid, and a sid into a uid, but not a name into
IT Systems Administrator, Milwaukee School of Engineering
1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A.
More information about the samba