[Samba] idmap_ad
Jerome Haltom
wasabi at larvalstage.net
Wed Jun 13 18:29:28 GMT 2007
3.0.24-2ubuntu1
[global]
smb ports = 445
workgroup = ISI
realm = AD.ISILLC.COM
server string = %h server (Samba, Ubuntu)
security = ADS
obey pam restrictions = Yes
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew
\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
use kerberos keytab = Yes
log level = 10
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
disable netbios = Yes
dns proxy = No
ldap ssl = no
panic action = /usr/share/samba/panic-action %d
idmap backend = ad
idmap uid =
idmap gid =
template homedir = /home/%U
winbind nss info = sfu
winbind refresh tickets = Yes
winbind offline logon = Yes
invalid users = root
[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
printable = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
[backup]
path = /srv/backup
valid users = @admin, ISI\jhaltom, ISI\BackupExec, ISI\SQLServer
read only = No
create mask = 0770
[2007/06/13 13:27:29, 0]
nsswitch/winbindd_util.c:winbindd_param_init(787)
winbindd: idmap uid range missing or invalid
[2007/06/13 13:27:29, 0]
nsswitch/winbindd_util.c:winbindd_param_init(788)
winbindd: cannot continue, exiting.
I've tried various combinations of idmap. It actually seems to sort of
work if I map the range 1-1, but I doubt this is appropriate.
On Wed, 2007-06-13 at 14:15 -0400, simo wrote:
> On Wed, 2007-06-13 at 12:38 -0500, Jerome Haltom wrote:
> > I'm trying to figure out how to configure idmap_ad to *not* map anything
> > that does not have a UID assigned by Active Directory. I do not like
> > randomly allocated UIDs appearing on my systems and would prefer to
> > drive these out centrally. Setting the idmap ranges to nothing seems to
> > cause an error.
> >
> > How can I do this?
>
> Samba version?
> smb.conf?
>
> Simo.
>
More information about the samba
mailing list