[Samba] Problem with LDAP DOMAIN MEMBER SERVER and idmap

James james at nttmcl.com
Fri Jul 13 18:39:20 GMT 2007


Hi guys, I'm having a problem connecting a domain member server and 
getting the idmaps to work correctly.
I have winbindd running on both, so it should be working.
Both are Linux servers.
Here's my deal:

*Errors:*
[2007/07/13 05:29:16, 0] sam/idmap_ldap.c:ldap_get_sid_from_id(269)
  ldap_get_sid_from_id: mapping not found for gidNumber: 0
[2007/07/13 05:29:16, 0] sam/idmap_ldap.c:ldap_get_sid_from_id(269)
  ldap_get_sid_from_id: mapping not found for gidNumber: 99

I can run "net groupmap list" and see all the groups that exist fine.
When I try to log in and open one of the home folders on the MEMBER 
server, it's a no-go. Yes, the folder exists and is chowned correctly.
I notice my LDAP server only has about 4 entries in the idmap, but I'm 
supposing those entries are just routing back to unix groups/users.

TIA


I have a master server as PDC with LDAP and SAMBA

*Configuration for the PDC*
#################################################
# Domain controller settings: user-level security with domain logons
# enabled, and both the account database and the ID mappings kept in LDAP.
[global]
netbios name = TESTER
workgroup = TESTER-LDAP

# Browser-election settings that make this host the domain and local master.
os level = 65
preferred master = yes
domain master = yes
local master = yes
security = user
domain logons = yes

# NOTE(review): the directory is reached through a plain ldap:// URL and no
# "ldap ssl" line is shown, so whether the admin bind and the password
# hashes in the account entries travel encrypted depends on this Samba
# version's default -- confirm, and use StartTLS or ldaps:// if the
# directory is on another host.
passdb backend = ldapsam:"ldap://ldap-client.example.com"
ldap suffix = dc=tester,dc=com
# The password for this DN is not kept in smb.conf; Samba reads it from
# secrets.tdb (stored with "smbpasswd -w"), so that file needs protecting.
# NOTE(review): cn=admin looks like the directory's administrative DN; a
# dedicated DN limited to the Samba subtrees would reduce exposure -- confirm.
ldap admin dn = cn=admin,dc=tester,dc=com
# Containers below the ldap suffix for users, groups, machine accounts and
# ID mappings.
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap machine suffix = ou=Hosts
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldap://ldap-client.example.com
# Range from which winbindd allocates UNIX uids/gids for mapped SIDs.
# The gidNumber values in the reported errors (0 and 99) lie outside it,
# which may be why no idmap entry exists for them -- verify.
idmap uid = 10000-20000
idmap gid = 10000-20000
socket options = TCP_NODELAY
wins support = yes

# %L expands to this server's NetBIOS name and %U to the session user name.
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U
# Repeats the "socket options" line above with the same value; one of the
# two can be dropped.
socket options = TCP_NODELAY

# Share used by domain clients at logon (scripts, policies). Kept read-only
# so that connecting users cannot alter what other clients fetch from it;
# "browseable" only controls whether the share shows up in share listings.
[netlogon]
path = /var/lib/samba/netlogon
read only = yes
browseable = yes

# Roaming-profile store that "logon path" (\\%L\profiles\%U) points at.
# It is writable; the masks limit new files to at most 0600 and new
# directories to at most 0700, i.e. owner-only.
# Nothing in this section limits which authenticated users may connect, so
# keeping one user's profile away from another relies on the ownership and
# mode of each profile directory on disk.
[profiles]
path = /var/lib/samba/profiles
read only = no
create mask = 0600
directory mask = 0700

# Per-user home share. For [homes] the service name %S is the user name
# that was requested, so "valid users = %S" admits only that user.
# NOTE(review): "writable = no" makes home directories read-only on this
# server even though "logon home" sends clients to \\%L\%U -- confirm that
# is intended.
[homes]
   comment = Home Directories
   browseable = no
   writable = no
   create mask = 0700
   directory mask = 0700
   valid users = %S



*DOMAIN MEMBER SERVER*
#################################################

# Domain member settings: authentication is handed to the domain controller
# (security = domain) and this host takes no part in browser elections.
[global]
netbios name = FEDORA
workgroup = TESTER-LDAP

preferred master = no
domain master = no
local master = no
security = domain
# Allows client access to accounts whose password is empty. Unless such
# accounts are required on purpose, leave this at the default (no).
null passwords = yes
# Rewrites client-supplied user names to server-side ones. The map decides
# which UNIX identity a session runs as, so the file should be writable by
# root only.
username map = /etc/samba/smbusers
os level = 0

name resolve order = wins bcast hosts
# Same LDAP idmap store as on the domain controller, again through a plain
# ldap:// URL with no "ldap ssl" line shown -- confirm the transport is
# protected.
idmap backend = ldap:ldap://ldap-client.example.com
ldap suffix = dc=tester,dc=com
# NOTE(review): presumably the idmap backend binds as this DN, in which
# case this host's secrets.tdb must also hold its password (smbpasswd -w)
# and a compromise of the member exposes the directory admin credential.
ldap admin dn = cn=admin,dc=tester,dc=com
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Hosts
# Range from which winbindd allocates UNIX uids/gids for mapped SIDs.
# The gidNumber values in the reported errors (0 and 99) lie outside it.
idmap uid = 10000-20000
idmap gid = 10000-20000
# With this set, winbindd expects users of the member's own domain to exist
# already as UNIX accounts (distributed via NIS, rsync or LDAP) instead of
# allocating IDs for them -- check that NSS resolves those users and groups
# on this host.
winbind trusted domains only = Yes
socket options = TCP_NODELAY

# Placeholder as posted, not a usable address.
wins server = xxx.xxxx.xxx.xxx

# Per-user home share on the member server, writable here (read only = no).
# For [homes] the service name %S is the user name that was requested, so
# "valid users = %S" admits only that user; the masks limit new files and
# directories to at most 0700, i.e. owner-only.
[homes]
   comment = Home Directories
   browseable = no
   read only = no
   create mask = 0700
   directory mask = 0700
   valid users = %S


