[Samba] IDMAP RID problems and documentation
Charles Marcus
CMarcus at Media-Brokers.com
Wed Dec 19 16:33:42 GMT 2007
Plant, Dean, on 12/19/2007 8:58 AM, said the following:
> John wrote:
>> Hello List,
>>
>> After upgrading to 3.0.25b (Also tried 3.0.28) I tried to make use of
>> the new syntax for IDMAP. But I failed, Also there is a lack on
>> documentation how to us it. (Yes there is a man, but it contains
>> limited explanation and examples).
>>
>> What do I want? What (I think a lot of people wants)
>> I have two samba domain members and a Windows 2003 DC without R2 /
>> SFU shema extension. So I want make use of the RID facility.
>> Same GID/ UID mappings on all samba servers in the domain, with
>> support of BUILTIN groups, and without installing schema extensions
>> on the DC. I assume that RID was designed for this scenario
>> Can anyone assist me and everyone on list struggling with the same
>> problems, how to proper configure SAMBA for this scenario?
>>
>> Old syntax works, but lack support for BUILT-IN groups, and gives
>> following complaints in syslog
>> Module '/usr/lib/samba/idmap/rid.so' initialization failed:
>> NT_STATUS_OBJECT_NAME_COLLISION
>> and:
>> lib/util_str.c:safe_strcpy_fn(659)
>> Dec 19 13:12:47 s-0009 winbindd[5454]: ERROR: string overflow by 1
>> (256 - 255) in safe_strcpy [ERROR: string overflow by 1 (256 - 255)
>> in safe_strcpy [Added timed event "async_request_timeout": 8843878
>>
>
> I have just fixed one of our Samba servers this morning after an the
> upgrade from CentOS 5 -> 5.1 broke winbind resolution.
>
> The below winbind config worked for me.
I'm curious - what exactly CHANGED (or, what did you have to change)?
> [global]
> workgroup = COMM
> server string = Samba Server
> log file = /var/log/samba/%m.log
> max log size = 50
> dns proxy = No
> cups options = raw
>
> password server = amachine.us.domain.co.uk
> realm = US.DOMAIN.CO.UK
> security = ads
> # OLD IDMAP settings
> # idmap uid = 16777216-33554431
> # idmap gid = 16777216-33554431
> # idmap backend = rid:"US=16777216-33554431"
> # NEW IDMAP settings
> idmap domains = US
> idmap config US: default = yes
> idmap config US: backend = rid
> idmap config US: range = 16777216-33554431
> idmap alloc config: range = 16777216-33554431
>
> template shell = /sbin/nologin
> winbind use default domain = yes
> allow trusted domains = no
> host msdfs = no
> winbind enum users = no
> winbind enum groups = no
> wins server = 192.168.1.10
>
> Hope this helps
>
> Dean
--
Best regards,
Charles Marcus
I.T. Director
Media Brokers International
678.514.6200 x224
678.514.6299 fax
More information about the samba
mailing list