[Samba] 2003 R2 IDMAP Backend issues
Matthew Oberhansley
d_thaiman at yahoo.com
Mon Jun 11 18:08:55 GMT 2007
Hello I am new to this post. My current setup is
this.
2003 R2 with Identity managment installed - I have
statically mapped Unique Unix attributes (UID and
GID)to each user.
Multiple CentOS 4.4 servers with Samba 3.0.25a-32
installed.
Everything works greats wbinfo -u -g -t, getent passwd
group.
But when I access any shares I get this error message.
[2007/06/11 11:27:35, 1]
smbd/sesssetup.c:reply_spnego_kerberos(439)
Username DOMAIN\COMPUTER-NAME$ is invalid on this
system
SMB.CONF
[global]
workgroup = DOMAIN
realm = DOMAIN.NET
server string = File Server
security = ADS
password server = *.*.98.3
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n
*ReType*new*UNIX*password*
%n\n*passwd:*all*authentication*tokens*updated*successfully*
use kerberos keytab = Yes
log file = /var/log/samba/%m.log
max log size = 50
smb ports = 139
socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
printcap name = cups
preferred master = No
local master = No
domain master = No
dns proxy = No
wins server = *.*.98.3
idmap backend = ad
template shell = /bin/nologin
winbind cache time = 3600
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nss info = rfc2307
[Public]
comment = Group Shares
path = /smb/public
read only = No
If I take out idmap backend = ad and add the idmap uid
and gid = commands and let winbind map the accounts
the errors goes away, but I want the servers to get
all the UID and GID info from AD. Is this a kerberos
timing issue? My DC and Samba servers are seperated
by a T-1 links that are not heavily used.
____________________________________________________________________________________
We won't tell. Get more on shows you hate to love
(and love to hate): Yahoo! TV's Guilty Pleasures list.
http://tv.yahoo.com/collections/265
More information about the samba
mailing list