[Samba] Problem with LDAP DOMAIN MEMBER SERVER and idmap
James
james at nttmcl.com
Fri Jul 13 18:39:20 GMT 2007
Hi guys, I'm having a problem with connecting a domain member server and
getting the idmaps to work correctly.
I have winbindd running on both, so it should be going.
Both are Linux servers.
Here's my deal:
*Errors:*
[2007/07/13 05:29:16, 0] sam/idmap_ldap.c:ldap_get_sid_from_id(269)
ldap_get_sid_from_id: mapping not found for gidNumber: 0
[2007/07/13 05:29:16, 0] sam/idmap_ldap.c:ldap_get_sid_from_id(269)
ldap_get_sid_from_id: mapping not found for gidNumber: 99
I can run a net groupmap list and see all the groups that exist fine.
I try to log in to enter one of the home folders on the MEMBER server and
it's no go. Yes, the folder exists and is chowned correctly.
I notice my LDAP server only has like 4 entries in the idmap, but I'm
supposing those entries are just routing back to Unix groups/users.
TIA
I have a master server as PDC with LDAP and SAMBA
*Configuration for the PDC*
#################################################
[global]
netbios name = TESTER
workgroup = TESTER-LDAP
os level = 65
preferred master = yes
domain master = yes
local master = yes
security = user
domain logons = yes
passdb backend = ldapsam:"ldap://ldap-client.example.com"
ldap suffix = dc=tester,dc=com
ldap admin dn = cn=admin,dc=tester,dc=com
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap machine suffix = ou=Hosts
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldap://ldap-client.example.com
idmap uid = 10000-20000
idmap gid = 10000-20000
socket options = TCP_NODELAY
wins support = yes
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U
socket options = TCP_NODELAY
[netlogon]
path = /var/lib/samba/netlogon
read only = yes
browseable = yes
[profiles]
path = /var/lib/samba/profiles
read only = no
create mask = 0600
directory mask = 0700
[homes]
comment = Home Directories
browseable = no
writable = no
create mask = 0700
directory mask = 0700
valid users = %S
*DOMAIN MEMBER SERVER*
#################################################
[global]
netbios name = FEDORA
workgroup = TESTER-LDAP
preferred master = no
domain master = no
local master = no
security = domain
null passwords = yes
username map = /etc/samba/smbusers
os level = 0
name resolve order = wins bcast hosts
idmap backend = ldap:ldap://ldap-client.example.com
ldap suffix = dc=tester,dc=com
ldap admin dn = cn=admin,dc=tester,dc=com
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Hosts
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind trusted domains only = Yes
socket options = TCP_NODELAY
wins server = xxx.xxxx.xxx.xxx
[homes]
comment = Home Directories
browseable = no
read only = no
create mask = 0700
directory mask = 0700
valid users = %S
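
As an added example (not part of the original post, and not Samba code), this Python script cross-checks the IDs in the "mapping not found" log lines against the idmap uid/gid ranges from smb.conf. The sample inputs are copied from the post above and the function names are hypothetical; it only reports whether each ID lies inside the configured range, which is one thing to rule out, not a diagnosis.

```python
import re

# Constructed sample input: log entries and idmap lines as quoted in the post.
SAMPLE_LOG = """\
[2007/07/13 05:29:16, 0] sam/idmap_ldap.c:ldap_get_sid_from_id(269)
ldap_get_sid_from_id: mapping not found for gidNumber: 0
[2007/07/13 05:29:16, 0] sam/idmap_ldap.c:ldap_get_sid_from_id(269)
ldap_get_sid_from_id: mapping not found for gidNumber: 99
"""
SAMPLE_CONF = """\
[global]
idmap backend = ldap:ldap://ldap-client.example.com
idmap uid = 10000-20000
idmap gid = 10000-20000
"""

MISS_RE = re.compile(r"mapping not found for (uidNumber|gidNumber):\s*(\d+)")
RANGE_RE = re.compile(
    r"^[ \t]*idmap[ \t]+(uid|gid)[ \t]*=[ \t]*(\d+)[ \t]*-[ \t]*(\d+)[ \t]*$",
    re.I | re.M,
)

def idmap_ranges(conf_text):
    """Return {'uid': (low, high), 'gid': (low, high)} from smb.conf text."""
    return {m.group(1).lower(): (int(m.group(2)), int(m.group(3)))
            for m in RANGE_RE.finditer(conf_text)}

def failed_lookups(log_text):
    """Return sorted unique (kind, id) pairs from 'mapping not found' lines."""
    return sorted({(m.group(1)[:3], int(m.group(2)))
                   for m in MISS_RE.finditer(log_text)})

def classify(log_text, conf_text):
    """Label each failed ID as inside or outside the configured idmap range."""
    ranges = idmap_ranges(conf_text)
    report = []
    for kind, num in failed_lookups(log_text):
        bounds = ranges.get(kind)
        if bounds is None:
            status = "no-range-configured"
        elif bounds[0] <= num <= bounds[1]:
            status = "in-range"
        else:
            status = "out-of-range"
        report.append((kind, num, status))
    return report

if __name__ == "__main__":
    for kind, num, status in classify(SAMPLE_LOG, SAMPLE_CONF):
        print(f"{kind}Number {num}: {status}")
```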