[Samba] idmap ad and sfu anyone?
roamdad at sonic.net
Mon Sep 25 15:51:35 GMT 2006
Thorsten Hamester wrote:
>> samba SVN 17972, Linux 2.6.16-1.2096
>> That should be about the same as 2.0.23c
>> getent passwd works to list domain accounts
>> getent group works to list domain groups
>> kinit works for domain accounts
>> wbinfo -u lists domain user accounts
>> wbinfo -g lists domain group accounts
>> In order to access roaming profiles and any shares from 2000 & XP
>> clients, I have to map DOMAIN\username to username in username map.
>> Anyone else running idmap backend=ad and winbind nss info=sfu want to
>> give me a tip?
>> winbind trusted domains and winbind use default domain have no impact
>> on this
>> All the unix attributes are configured in AD, sfu group membership
>> matches unix matches windows membership.
>> Regards, Doug
> they changed the default value for default domain and enum users to no
> so you have to define them in the config file
> winbind use default domain = Yes
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind nss info = RFC2307
winbind use default domain = yes or no makes no difference.
I didn't think it was relevant, but winbind enum users and groups are
already specified = yes.
This problem specifically involves
winbind nss info = sfu
security = ads
idmap backend = ad
This worked for about 2 years while I was using the xad padl 3rd party
plugin. I'm only having issues since samba rewrote it and bundled it
into the main tree and tokenized users & groups.
Thanks anyway, Doug
More information about the samba