[Samba] idmap ad and sfu anyone?
Doug VanLeuven
roamdad at sonic.net
Mon Sep 25 15:51:35 GMT 2006
Thorsten Hamester wrote:
> Hello
>
>
>> samba SVN 17972, Linux 2.6.16-1.2096
>> That should be about the same as 2.0.23c
>>
>> getent passwd works to list domain accounts
>> getent group works to list domain groups
>> kinit works for domain accounts
>> wbinfo -u lists domain user accounts
>> wbinfo -g lists domain group accounts
>>
>> In order to access roaming profiles and any shares from 2000 & XP
>> clients, I have to map DOMAIN\username to username in username map.
>> Anyone else running idmap backend=ad and winbind nss info=sfu want to
>> give me a tip?
>>
>> winbind trusted domains and winbind use default domain have no impact
>> on this
>>
>> All the unix attributes are configured in AD, sfu group membership
>> matches unix matches windows membership.
>>
>> Regards, Doug
>>
>
> they changed the default value for default domain and enum users to no
> so you have to define them in the config file
>
> winbind use default domain = Yes
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind nss info = RFC2307
>
winbind use default domain = yes or no makes no difference.
I didn't think it was relevant, but winbind enum users and groups are
already specified = yes.
This problem specifically involves
winbind nss info = sfu
security = ads
idmap backend = ad
This worked for about 2 years while I was using the xad padl 3rd party
plugin. I'm only having issues since samba rewrote it and bundled it
into the main tree and tokenized users & groups.
Thanks anyway, Doug
More information about the samba
mailing list