[Samba] idmap ad and sfu anyone?

Thorsten Hamester thorsten_hamester at ape-berlin.de
Mon Sep 25 14:02:31 GMT 2006


> samba SVN 17972, Linux 2.6.16-1.2096
> That should be about the same as 2.0.23c
> getent passwd works to list domain accounts
> getent group works to list domain groups
> kinit works for domain accounts
> wbinfo -u lists domain user accounts
> wbinfo -g lists domain group accounts
> In order to access roaming profiles and any shares from 2000 & XP  
> clients, I have to map DOMAIN\username to username in username map.
> Anyone else running idmap backend=ad and winbind nss info=sfu want to  
> give me a tip?
> winbind trusted domains and winbind use default domain have no impact on  
> this
> All the unix attributes are configured in AD, sfu group membership  
> matches unix matches windows membership.
> Regards, Doug

they changed the default value for default domain and enum users to no so  
you have to define them in the config file

         winbind use default domain = Yes
         winbind enum users = Yes
         winbind enum groups = Yes
         winbind nss info = RFC2307

Thorsten Hamester

More information about the samba mailing list