[Samba] Winbind - Windows 2000 AD group filtering

James Sweet James.Sweet at fone-logistics.co.uk
Thu Feb 16 17:09:40 GMT 2006


Hey all
I'm currently trying to use squid and samba/winbind to filter internet access based on groups in a Windows 2000 Active Directory domain. I'm running Mandrake 10.1 Community and samba 3.0.10 installed from rpm.

Following the directions in the samba manual for setting up winbind I have:

- configured nsswitch.conf

- checked to see if the libnss_winbind.so library is there

- checked to see if the symbolic link was there

- added relevant lines to the smb.conf as described in the manual

- Joined domain successfully

I can use wbinfo to check the shared secret and get a listing of users and groups from the domain. But when I use getent passwd and getent groups it only shows local users and groups on the Linux machine and not those from the Windows domain as well. Is there a command I have to use to synchronise users and groups so I can get a unified listing on the Linux box?

********************************************
My Smb.conf

[Global]

        Workgroup = MYDOMAIN
        netbiosname = squidtest
        security = DOMAIN

#       Domain Stuff

        winbind separator = \
        idmap uid = 30000-40000
        idmap gid = 30000-40000
        winbind enum users = yes
        winbind enum groups = yes
        template homedir = /home/MYDOMAIN/%U

        winbind use default domain = yes
        obey pam restrictions = yes
        password server = MYPASSWORDSERVER
        encrypt passwords = yes

[Share 1]

        path = /home/jim
        comment = Jim's Home Folder
        public = yes

**********************************************

Also this appears in my /var/log/samba/log.winbindd log every time I start samba/winbind.


[2006/02/10 11:06:35, 1] nsswitch/winbindd.c:main(864)
  winbindd version 3.0.10 started.
  Copyright The Samba Team 2000-2004
[2006/02/10 11:06:35, 0]  nsswitch/winbindd_util.c:winbindd_param_init(560)
  winbindd: idmap uid range missing or invalid
[2006/02/10 11:06:35, 0]  nsswitch/winbindd_util.c:winbindd_param_init(561)
  winbindd: cannot continue, exiting.
[2006/02/10 11:06:35, 1] nsswitch/winbindd.c:main(897)
  Could not init idmap -- netlogon proxy only

I have also noted that from messing about with wbinfo switches I can get listings of groups for a particular user on the domain. I then remove that user from one of the groups they belong to on the domain controller and run the same command again and it doesn't show a different list of groups. I am confused as this must mean it's looking at user and group data locally on the Linux box as it shows old data, but when I run getent passwd and getent group it still comes back with only the Linux users and groups.

Are there any configuration options I have not set up in my smb.conf, or am I missing something else?


Thanks in advance
James
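
Added example (not part of James's post and not Samba project code): a small Python check over the two files the setup steps above touch, reporting whether the [global] section carries usable idmap uid/gid ranges and whether nsswitch.conf lists winbind for passwd and group. The function names and sample inputs are constructed for illustration, and the range rules are this script's own, not winbindd's parser.

```python
import re

# Constructed sample inputs, not copied from the poster's machine.
SMB_CONF = "[Global]\n  security = DOMAIN\n  idmap uid = 30000-40000\n  idmap gid = 30000-40000\n"
NSSWITCH = "passwd: files\ngroup:  files winbind\n"

def norm(name):
    # smb.conf section/parameter names ignore case and whitespace
    return re.sub(r"\s+", "", name).lower()

def global_params(text):
    """Return {normalised name: value} for the [global] section."""
    params, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return params

def range_problem(value):
    """Return None for a usable 'low-high' range, else the reason (this script's own rules)."""
    if value is None:
        return "not set"
    m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", value)
    if not m:
        return "not in low-high form"
    if int(m.group(1)) > int(m.group(2)):
        return "low bound is above high bound"
    return None

def nss_missing_winbind(text):
    """Return which of passwd/group do not list winbind as a source."""
    sources = {}
    for line in text.splitlines():
        db, sep, rest = line.split("#", 1)[0].partition(":")
        if sep:
            sources[db.strip()] = rest.split()
    return [db for db in ("passwd", "group") if "winbind" not in sources.get(db, [])]

def check(smb_text, nss_text):
    params, findings = global_params(smb_text), []
    for name in ("idmap uid", "idmap gid"):
        why = range_problem(params.get(norm(name)))
        if why:
            findings.append(f"{name}: {why}")
    return findings + [f"nsswitch {db}: winbind not listed" for db in nss_missing_winbind(nss_text)]
```

To run it against a real host, pass the contents of the machine's smb.conf and /etc/nsswitch.conf to check() instead of the constructed samples.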

 


