[Samba] IDMAP RID problems and documentation

Charles Marcus CMarcus at Media-Brokers.com
Wed Dec 19 16:33:42 GMT 2007


Plant, Dean, on 12/19/2007 8:58 AM, said the following:
> John wrote:
>> Hello List,
>>
>> After upgrading to 3.0.25b (also tried 3.0.28) I tried to make use of
>> the new syntax for IDMAP. But I failed. Also there is a lack of
>> documentation on how to use it. (Yes there is a man, but it contains
>> limited explanation and examples).
>>
>> What do I want?  What (I think a lot of people want)
>> I have two samba domain members and a Windows 2003 DC without R2 /
>> SFU schema extension. So I want to make use of the RID facility.
>> Same GID/ UID mappings on all samba servers in the domain, with
>> support of BUILTIN groups, and without installing schema extensions
>>  on the DC. I assume that RID was designed for this scenario.
>> Can anyone assist me and everyone on list struggling with the same
>> problems, how to properly configure SAMBA for this scenario?
>>
>> Old syntax works, but lacks support for BUILT-IN groups, and gives
>> the following complaints in syslog
>> Module '/usr/lib/samba/idmap/rid.so' initialization failed:
>> NT_STATUS_OBJECT_NAME_COLLISION
>> and:
>> lib/util_str.c:safe_strcpy_fn(659)
>> Dec 19 13:12:47 s-0009 winbindd[5454]:   ERROR: string overflow by 1
>> (256 - 255) in safe_strcpy [ERROR: string overflow by 1 (256 - 255)
>> in safe_strcpy [Added timed event "async_request_timeout": 8843878
>>
> 
> I have just fixed one of our Samba servers this morning after the
> upgrade from CentOS 5 -> 5.1 broke winbind resolution.
> 
> The below winbind config worked for me.

I'm curious - what exactly CHANGED (or, what did you have to change)?

> [global]
>    workgroup = COMM
>         server string = Samba Server
>         log file = /var/log/samba/%m.log
>         max log size = 50
>         dns proxy = No
>         cups options = raw
> 
>    password server = amachine.us.domain.co.uk
>    realm = US.DOMAIN.CO.UK
>    security = ads
> # OLD IDMAP settings
> #   idmap uid = 16777216-33554431
> #   idmap gid = 16777216-33554431
> #   idmap backend = rid:"US=16777216-33554431"
> # NEW IDMAP settings
>    idmap domains = US
>    idmap config US: default = yes
>    idmap config US: backend = rid
>    idmap config US: range = 16777216-33554431
>    idmap alloc config: range = 16777216-33554431
> 
>    template shell = /sbin/nologin
>    winbind use default domain = yes
>    allow trusted domains = no
>    host msdfs = no
>    winbind enum users = no
>    winbind enum groups = no
>    wins server = 192.168.1.10
> 
> Hope this helps
> 
> Dean


-- 

Best regards,

Charles Marcus
I.T. Director
Media Brokers International
678.514.6200 x224
678.514.6299 fax
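
An added example, not part of either poster's message and not Samba's own code: a Python sketch of the arithmetic documented in idmap_rid(8), ID = RID - BASE_RID + LOW_RANGE_ID, applied to the range in the config quoted above. It shows why every member server configured with the same range derives the same UID/GID. The domain SID is constructed, and base_rid is assumed to be its default of 0.

```python
import re

# Constructed sample: the "NEW IDMAP settings" lines quoted in the message above.
SMB_CONF = """
   idmap domains = US
   idmap config US: default = yes
   idmap config US: backend = rid
   idmap config US: range = 16777216-33554431
"""

# Constructed domain SID (placeholder, not taken from the thread).
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"


def rid_range(conf, domain):
    """Return (low, high) from 'idmap config <domain>: range = low-high'."""
    pat = re.compile(
        rf"^\s*idmap config\s+{re.escape(domain)}\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$",
        re.MULTILINE,
    )
    m = pat.search(conf)
    if m is None:
        raise ValueError(f"no idmap range configured for domain {domain}")
    low, high = int(m.group(1)), int(m.group(2))
    if low > high:
        raise ValueError("range low bound exceeds high bound")
    return low, high


def sid_to_id(sid, domain_sid, low, high, base_rid=0):
    """ID = RID - BASE_RID + LOW_RANGE_ID, or None when the SID is not mappable."""
    prefix, _, rid_text = sid.rpartition("-")
    if prefix != domain_sid or not rid_text.isdigit():
        return None  # not a SID of this domain (e.g. BUILTIN, S-1-5-32-*)
    rid = int(rid_text)
    if rid < base_rid:
        return None
    unix_id = rid - base_rid + low
    return unix_id if unix_id <= high else None  # refuse IDs past the range


def id_to_sid(unix_id, domain_sid, low, high, base_rid=0):
    """Reverse mapping: RID = ID + BASE_RID - LOW_RANGE_ID."""
    if not low <= unix_id <= high:
        return None
    return f"{domain_sid}-{unix_id - low + base_rid}"


if __name__ == "__main__":
    low, high = rid_range(SMB_CONF, "US")
    print(sid_to_id(DOMAIN_SID + "-1105", DOMAIN_SID, low, high))
```

Because the result depends only on the RID and the configured range, two domain members with identical `idmap config US: range` lines agree on ownership without sharing a database; a SID outside the domain, such as a BUILTIN group, gets no ID from this calculation.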

