[Samba] idmap backend ad and trusted domains?

Gautier, B (Bob) Bob.Gautier at rabobank.com
Fri Jul 28 09:27:33 GMT 2006 

> -----Original Message-----
> From: samba-bounces+bob.gautier=rabobank.com at lists.samba.org 
> [mailto:samba-bounces+bob.gautier=rabobank.com at lists.samba.org
] On Behalf Of Mark Proehl
> Sent: 28 July 2006 07:06
> To: samba at lists.samba.org
> Subject: Re: [Samba] idmap backend ad and trusted domains?
> 
> On Thu, Jul 27, 2006 at 03:02:16PM -0400, simo wrote:
> > On Thu, 2006-07-27 at 20:53 +0200, Mark Proehl wrote:
> > > On Thu, Jul 27, 2006 at 04:57:39PM +0200, Mark Proehl wrote:
> > > > Hi,
> > > > 
> > > > is "idmap backend = ad" with "winbind nss info = sfu" 
> supposed to 
> > > > work with trusted domains?
> > > > 
> > > > - Mark
> > > 
> > > my problem is this: 
> > > 
> > >   vm1:~ # wbinfo -S S-1-5-21-4038355506-4058439304-2375676978-500
> > >   100003
> > >   vm1:~ # wbinfo -S S-1-5-21-4038355506-4058439304-2375676978-500
> > >   100003
> > >   vm1:~ # wbinfo -S S-1-5-21-450098887-3131224273-1459421348-500
> > >   Could not convert sid 
> S-1-5-21-450098887-3131224273-1459421348-500 
> > > to uid
> > > 
> > > both domains are w2k3r2 domains.  Samba is 3.0.23a. I 
> suspect that 
> > > winbind does not follow the ldap referral from it's own 
> dc to the dc 
> > > of the trusted domain.
> > 
> > Seem this is a known bug:
> > https://bugzilla.samba.org/show_bug.cgi?id=3661
> > 
> > Simo.
> > 
> 
> Thank you, this is the same problem that I am facing.
> 
> But I noticed another problem: idmap_ad in 3.0.23a seems to 
> ignore the UNIX attributes (eg. unixHomeDirectory and 
> loginShell). This has been working with W2K3 and SFU-3.5, but 
> with W2K3-R2 the user entry only gets default template values 
> for these attributes.

'winbind nss info = sfu' setting is essential for SFU, and if you have
W2k3r2, you need 'winbind nss info = rfc2307'.  Samba no longer guesses
which schema to use.

Bob G
_____________________________________________________________

This email (including any attachments to it) is confidential, legally privileged, subject to copyright and is sent for the personal attention of the intended recipient only. If you have received this email in error, please advise us immediately and delete it. You are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. Although we have taken reasonable precautions to ensure no viruses are present in this email, we cannot accept responsibility for any loss or damage arising from the viruses in this email or attachments. We exclude any liability for the content of this email, or for the consequences of any actions taken on the basis of the information provided in this email or its attachments, unless that information is subsequently confirmed in writing. If this email contains an offer, that should be considered as an invitation to treat.
_____________________________________________________________

More information about the samba mailing list