[Samba] idmap backend questions

werner maes werner.maes at cc.kuleuven.be
Fri Sep 21 09:06:36 GMT 2007


I have some questions regarding the idmap backend.

Does this only work when you've have joined your samba server to the 
AD domain (security = ADS)?
I would like to map SID to uids/gids on a samba server that has a 
trust with an AD server.

In my setup I have established a trust between samba and AD; they are 
both PDC's.

         idmap domains = PCLABTEST
         idmap config PCLABTEST:backend = ad
         idmap config PCLABTEST:default = yes
         idmap config PCLABTEST:range = 100 - 3000000000
         idmap alloc backend = tdb
         idmap alloc config:range = 100 - 300000000

==> /var/log/samba/winbindd.log
[2007/09/21 09:56:31, 1] 
   ad_idmap_init: failed to connect to AD
[2007/09/21 09:56:31, 1] nsswitch/idmap_ad.c:idmap_ad_sids_to_unixids(514)
   ADS uninitialized
[2007/09/21 09:56:31, 2] nsswitch/idmap.c:idmap_backends_sids_to_unixids(1148)
   ERROR: NTSTATUS = 0xc0000001

ps: I have configured samba with these options included 
(--with-shared-modules=idmap_ad --with-ads) and have installed 
"Identity management for Unix" on the AD server. I have given a user 
a uid & gid in AD.
If I do an strace of the winbind proces, I can see both the uidNumer 
and gidNumber, both samba does not pick it up.

Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm

More information about the samba mailing list