[Samba] Re: Enabling 'idmap backend = ad' for user auth
Gerald (Jerry) Carter
jerry at samba.org
Fri Feb 3 15:15:12 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Rex Dieter wrote:
> McGlorfin wrote:
>> I'm using Samba 3.0.21a on Fedora Core 3 to authenticate against an AD
>> domain. The box running AD is Win2k3 R2, so AD has the RFC2207 schema
>> extensions applied.
>
> Really? I thought installing SFU on the domain controller is/was still
> required, no? (What's R2?)
>
>> I'm pretty sure there's an error in my smb.conf. (What else could it
>> be?) Here are the relevant entries from the global section:
>> workgroup = MYDOMAIN
>> realm = MYDOMAIN.LOCAL
>> security = ADS
>> idmap backend = ad
>> idmap uid = 300000-30000000
>> idmap gid = 300000-30000000
> ...
>> winbind nss info = template, sfu
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Not absolutely sure, but docs I've seen say to set this to
> winbind nss info = sfu
> Not sure what the template bit is used for.
I assume template would be for the standard 'template homedir', et. al.
otpions. But we don't actually check for that value in the source
code that I can tell.
Gunether,
Why is 'winbind nss info' a list ? We only ever check for "sfu".
Were you thinking of chaining options
cheers, jerry
=====================================================================
I live in a Reply-to-All world. -----------------------
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD4DBQFD43OAIR7qMdg1EfYRAjEJAJ9Izl6fpQldCmN+vxVEPIMeRRTDngCXXac/
BYha0N1JE9h0yDsfg0aJvw==
=+gMT
-----END PGP SIGNATURE-----
More information about the samba
mailing list