[Samba] idmap backend ad and trusted domains?

Mark Proehl M.Proehl at science-computing.de
Fri Jul 28 06:06:26 GMT 2006


On Thu, Jul 27, 2006 at 03:02:16PM -0400, simo wrote:
> On Thu, 2006-07-27 at 20:53 +0200, Mark Proehl wrote:
> > On Thu, Jul 27, 2006 at 04:57:39PM +0200, Mark Proehl wrote:
> > > Hi,
> > > 
> > > is "idmap backend = ad" with "winbind nss info = sfu" supposed to work
> > > with trusted domains?
> > > 
> > > - Mark
> > 
> > my problem is this: 
> > 
> >   vm1:~ # wbinfo -S S-1-5-21-4038355506-4058439304-2375676978-500
> >   100003
> >   vm1:~ # wbinfo -S S-1-5-21-4038355506-4058439304-2375676978-500
> >   100003
> >   vm1:~ # wbinfo -S S-1-5-21-450098887-3131224273-1459421348-500
> >   Could not convert sid S-1-5-21-450098887-3131224273-1459421348-500 to uid
> > 
> > both domains are w2k3r2 domains.  Samba is 3.0.23a. I suspect that
> > winbind does not follow the ldap referral from it's own dc to the dc
> > of the trusted domain. 
> 
> Seem this is a known bug:
> https://bugzilla.samba.org/show_bug.cgi?id=3661
> 
> Simo.
> 

Thank you, this is the same problem that I am facing.

But I noticed another problem: idmap_ad in 3.0.23a seems to ignore the
UNIX attributes (eg. unixHomeDirectory and loginShell). This has been
working with W2K3 and SFU-3.5, but with W2K3-R2 the user entry only
gets default template values for these attributes.

- Mark



More information about the samba mailing list