[Samba] Re: Enabling 'idmap backend = ad' for user auth

Gerald (Jerry) Carter jerry at samba.org
Fri Feb 3 15:15:12 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Rex Dieter wrote:
> McGlorfin wrote:
>> I'm using Samba 3.0.21a on Fedora Core 3 to authenticate against an AD
>> domain. The box running AD is Win2k3 R2, so AD has the RFC2207 schema
>> extensions applied.
> 
> Really?  I thought installing SFU on the domain controller is/was still
> required, no?  (What's R2?)
> 
>> I'm pretty sure there's an error in my smb.conf. (What else could it
>> be?) Here are the relevant entries from the global section:
>>         workgroup = MYDOMAIN
>>         realm = MYDOMAIN.LOCAL
>>         security = ADS
>>         idmap backend = ad
>>         idmap uid = 300000-30000000
>>         idmap gid = 300000-30000000
> ...
>>         winbind nss info = template, sfu
>           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Not absolutely sure, but docs I've seen say to set this to
> winbind nss info = sfu
> Not sure what the template bit is used for.

I assume template would be for the standard 'template homedir', et. al.
otpions.  But we don't actually check for that value in the source
code that I can tell.

Gunether,

Why is 'winbind nss info' a list ?  We only ever check for "sfu".
Were you thinking of chaining options





cheers, jerry
=====================================================================
I live in a Reply-to-All world.               -----------------------
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD4DBQFD43OAIR7qMdg1EfYRAjEJAJ9Izl6fpQldCmN+vxVEPIMeRRTDngCXXac/
BYha0N1JE9h0yDsfg0aJvw==
=+gMT
-----END PGP SIGNATURE-----


More information about the samba mailing list