[Samba] winbind users not getting groups. idmap backend problem?
Eric Gottesman
ericg at ingenio.com
Tue Dec 4 22:36:58 GMT 2007
yo.
i have a vmware VI3 machine (which is effectively FC3 for our intents
and purposes) i'm trying to get to authenticate with our active
directory domain. it's -mostly- working- i can log in as my domain user
successfully, getent passwd and group work, wbinfo -u and -g work,
however wbinfo -t fails and if i type 'groups <domainuser>', i get this:
id: cannot find name for group ID 10005
id: cannot find name for group ID 10006
id: cannot find name for group ID 10008
id: cannot find name for group ID 10009
id: cannot find name for group ID 10016
/var/log/samba.winbindd has a bunch of errors like this:
[2007/12/04 14:22:05, 1] nsswitch/winbindd_cm.c:cm_open_connection(333)
failed tcon_X with NT_STATUS_ACCESS_DENIED
[2007/12/04 14:22:05, 1] nsswitch/winbindd_cm.c:cm_open_connection(333)
failed tcon_X with NT_STATUS_ACCESS_DENIED
[2007/12/04 14:22:05, 1] nsswitch/winbindd_cm.c:cm_open_connection(333)
failed tcon_X with NT_STATUS_ACCESS_DENIED
[2007/12/04 14:22:05, 1] nsswitch/winbindd_group.c:winbindd_getgrgid(381)
could not lookup sid
here's my smb.conf:
[global]
workgroup = OURWORKGROUP
netbios name = hostname
server string = Linux workstation 1
security = ADS
log file = /var/log/samba/samba.%m
max log size = 50
local master = no
preferred master = no
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
template homedir = /home/%U
template shell = /bin/bash
encrypt passwords = yes
dns proxy = no
realm = REALM.COMPANY.COM
password server = servername.company.com
wins proxy = no
allow trusted domains = no
i vaguely suspect that i need something like this:
idmap backend = idmap_rid:REALM.COMPANY.COM=10000-20000
...but if i put that in, winbind completely stops working and i can't do
anything. thoughts?