[Samba] idmap backend ad and trusted domains?

Mark Proehl M.Proehl at science-computing.de
Thu Jul 27 18:53:18 GMT 2006


On Thu, Jul 27, 2006 at 04:57:39PM +0200, Mark Proehl wrote:
> Hi,
> 
> is "idmap backend = ad" with "winbind nss info = sfu" supposed to work
> with trusted domains?
> 
> - Mark

my problem is this: 

  vm1:~ # wbinfo -S S-1-5-21-4038355506-4058439304-2375676978-500
  100003
  vm1:~ # wbinfo -S S-1-5-21-4038355506-4058439304-2375676978-500
  100003
  vm1:~ # wbinfo -S S-1-5-21-450098887-3131224273-1459421348-500
  Could not convert sid S-1-5-21-450098887-3131224273-1459421348-500 to uid

both domains are w2k3r2 domains.  Samba is 3.0.23a. I suspect that
winbind does not follow the ldap referral from it's own dc to the dc
of the trusted domain. 

Or is there a problem with my setup:

  [global]
        workgroup = W2K3
        realm = EXAMPLE.COM
        security = ADS
        use kerberos keytab = Yes
        log level = 10
        panic action = sleep 10000
        idmap backend = ad
        idmap uid = 10000-1000000
        idmap gid = 10000-1000000
        winbind cache time = 10
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        winbind nss info = sfu



More information about the samba mailing list