[Samba] idmap ad and sfu anyone?

Doug VanLeuven roamdad at sonic.net
Mon Sep 25 15:51:35 GMT 2006

Thorsten Hamester wrote:
> Hello
>> samba SVN 17972, Linux 2.6.16-1.2096
>> That should be about the same as 2.0.23c
>> getent passwd works to list domain accounts
>> getent group works to list domain groups
>> kinit works for domain accounts
>> wbinfo -u lists domain user accounts
>> wbinfo -g lists domain group accounts
>> In order to access roaming profiles and any shares from 2000 & XP 
>> clients, I have to map DOMAIN\username to username in username map.
>> Anyone else running idmap backend=ad and winbind nss info=sfu want to 
>> give me a tip?
>> winbind trusted domains and winbind use default domain have no impact 
>> on this
>> All the unix attributes are configured in AD, sfu group membership 
>> matches unix matches windows membership.
>> Regards, Doug
> They changed the default value for default domain and enum users to no,
> so you have to define them in the config file:
>         winbind use default domain = Yes
>         winbind enum users = Yes
>         winbind enum groups = Yes
>         winbind nss info = RFC2307
winbind use default domain = yes or no makes no difference.
I didn't think it was relevant, but winbind enum users and groups are 
already specified = yes.

This problem specifically involves
winbind nss info = sfu
security = ads
idmap backend = ad

This worked for about 2 years while I was using the xad padl 3rd party 
plugin.  I'm only having issues since samba rewrote it and bundled it 
into the main tree and tokenized users & groups.

Thanks anyway, Doug
