[Samba] IDMAP RID problems and documentation

Plant, Dean dean.plant at roke.co.uk
Wed Dec 19 13:58:51 GMT 2007


John wrote:
> Hello List,
> 
> After upgrading to 3.0.25b (also tried 3.0.28) I tried to make use of
> the new syntax for IDMAP. But I failed. Also there is a lack of
> documentation on how to use it. (Yes there is a man, but it contains
> limited explanation and examples).
> 
> What do I want?  What (I think a lot of people want)
> I have two samba domain members and a Windows 2003 DC without R2 /
> SFU schema extension. So I want to make use of the RID facility.
> Same GID/UID mappings on all samba servers in the domain, with
> support of BUILTIN groups, and without installing schema extensions
> on the DC. I assume that RID was designed for this scenario.
> Can anyone assist me and everyone on the list struggling with the same
> problems, how to properly configure SAMBA for this scenario?
> 
> Old syntax works, but lacks support for BUILT-IN groups, and gives
> the following complaints in syslog
> Module '/usr/lib/samba/idmap/rid.so' initialization failed:
> NT_STATUS_OBJECT_NAME_COLLISION
> and:
> lib/util_str.c:safe_strcpy_fn(659)
> Dec 19 13:12:47 s-0009 winbindd[5454]:   ERROR: string overflow by 1
> (256 - 255) in safe_strcpy [ERROR: string overflow by 1 (256 - 255)
> in safe_strcpy [Added timed event "async_request_timeout": 8843878
> 

I have just fixed one of our Samba servers this morning after the
upgrade from CentOS 5 -> 5.1 broke winbind resolution.

The below winbind config worked for me.

[global]
   workgroup = COMM
   server string = Samba Server
   log file = /var/log/samba/%m.log
   max log size = 50
   dns proxy = No
   cups options = raw

   password server = amachine.us.domain.co.uk
   realm = US.DOMAIN.CO.UK
   security = ads
# OLD IDMAP settings
#   idmap uid = 16777216-33554431
#   idmap gid = 16777216-33554431
#   idmap backend = rid:"US=16777216-33554431"
# NEW IDMAP settings
   idmap domains = US
   idmap config US: default = yes
   idmap config US: backend = rid
   idmap config US: range = 16777216-33554431
   idmap alloc config: range = 16777216-33554431

   template shell = /sbin/nologin
   winbind use default domain = yes
   allow trusted domains = no
   host msdfs = no
   winbind enum users = no
   winbind enum groups = no
   wins server = 192.168.1.10

Hope this helps

Dean
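
Added example (not part of the original post, and not Samba code): a check that two member servers will give the same Unix ID to the same SID under the rid backend, using the idmap_rid(8) formula ID = RID - BASE_RID + LOW_RANGE_ID. Server A carries the range from the config above; server B, the sample SID and all function names are constructed for illustration.

```python
import re

# Constructed smb.conf fragments. Server A uses the range quoted in the post;
# server B is a hypothetical member whose range was changed by mistake.
SERVER_A = """[global]
   idmap config US: backend = rid
   idmap config US: range = 16777216-33554431
   idmap alloc config: range = 16777216-33554431
"""
SERVER_B = """[global]
   idmap config US: backend = rid
#   idmap config US: range = 16777216-33554431
   idmap config US: range = 20000000-33554431
"""
SAMPLE_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"  # constructed

# Matches only per-domain range lines; commented-out lines and the
# "idmap alloc config" line do not match.
RANGE_RE = re.compile(
    r"^\s*idmap config\s+(\S+?)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$",
    re.IGNORECASE | re.MULTILINE)

def rid_ranges(conf_text):
    """Return {DOMAIN: (low, high)} for each 'idmap config DOM: range' line."""
    return {m.group(1).upper(): (int(m.group(2)), int(m.group(3)))
            for m in RANGE_RE.finditer(conf_text)}

def sid_to_unix_id(sid, low, high, base_rid=0):
    """Apply ID = RID - BASE_RID + LOW_RANGE_ID; None if it leaves the range."""
    rid = int(sid.rsplit("-", 1)[1])   # the RID is the last SID component
    unix_id = rid - base_rid + low
    return unix_id if low <= unix_id <= high else None

def compare_servers(conf_a, conf_b, sid, domain):
    """Return (id_on_a, id_on_b, consistent) for one SID on two servers."""
    a = sid_to_unix_id(sid, *rid_ranges(conf_a)[domain])
    b = sid_to_unix_id(sid, *rid_ranges(conf_b)[domain])
    return a, b, a is not None and a == b

if __name__ == "__main__":
    a, b, ok = compare_servers(SERVER_A, SERVER_B, SAMPLE_SID, "US")
    print(f"server A: {a}  server B: {b}  consistent: {ok}")
```

On a live member server, the value computed for a SID can be compared with what `wbinfo --sid-to-uid` reports.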

