[Samba] how to make 'winbind nss info = sfu' work in v >= 3.0.26a

Jonathan Detert Jonathan.Detert at msoe.edu
Wed Apr 16 20:32:22 GMT 2008


* Jonathan Detert <Jonathan.Detert at msoe.edu> [080416 13:44]:
> At the suggestion of someone who replied offline, I tried replacing
> reference to 'sfu' with 'rfc2307', as well as converting to the newer
> idmap config directives.  However, I still can't resolve sids to uids.
> 
> Now, instead of complaining about not finding sfu.so, the log complains
> about not finding rfc2307.so:

-- snip --

more news:

Just for fun, I made these changes:

	a) re-established the schema mode as sfu instead of rfc2307:

		idmap config MSOE:schema_mode = sfu

	b) changed winbind nss info of 'rfc2307' to 'template sfu':

		winbind nss info = template sfu

and restarted winbind.  Now Sids map to Uids/Gids, the way I expect.
Yay!  But, of course, the homedir and loginshell are from template, and
not sfu, like I want.  The whacked out thing here is that simply by
adding 'template' before 'sfu' in the 'winbind nss info' directive, now
'getent passwd username' returns something.  Previously, it returned
nothing.  And, it returns the uid:gid as sfu has them.  So, sfu is
working, to an extent.  It just can't seem to figure out the homedir and
loginshell.

Any ideas?

Thanks

p.s. here are the relevant lines from my smb.conf in its present state:

workgroup = MSOE
realm = msoe.edu
security = ADS
idmap domains = MSOE
idmap config MSOE:backend = ad
idmap config MSOE:default = yes
idmap config MSOE:schema_mode = sfu
idmap config MSOE:range    = 500-45000
idmap alloc backend = tdb
idmap alloc config:range   = 5000 - 9999
winbind enum groups = yes
winbind enum users = yes
winbind nested groups = yes
winbind nss info = template sfu
winbind separator = +
winbind use default domain = yes

> * Jonathan Detert <Jonathan.Detert at msoe.edu> [080415 16:00]:
> > There is an instance of Ms.Active Directory that has had the 'Services
> > For Unix' applied.
> > 
> > I use winbind v3.0.24 to get user/group info from that Ms.Active directory
> > instance like so:
> > -------- begin smb.conf snippet: ------------
> > security = ADS
> > realm = mydomain.com
> > workgroup = MYDOMAIN
> > 
> > winbind enum groups = yes
> > winbind enum users = yes
> > winbind nested groups = yes
> > winbind nss info = sfu
> > winbind separator = +
> > winbind use default domain = yes
> > 
> > idmap gid = 500-45000
> > idmap uid = 500-45000
> > idmap backend = ad
> > -------- end   smb.conf snippet: ------------
> > 
> > that works fine on ubuntu v7.04.
> > 
> > The same config, shown above, does not work under winbind v3.0.26a
> > running on ubuntu v7.10.  I can turn a name into a sid, and the sid
> > back into a name (via wbinfo -n and -s, respectively), but I can't turn
> > a sid into a unix uid or gid (via the -S argument).  Also, 'getent passwd'
> > doesn't return any users from Active Directory.
> > 
> > Any idea what's wrong?  Is it my config?
> > -- 
> > Jon Detert
> > IT Systems Administrator, Milwaukee School of Engineering
> > 1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A.
> > --
> > Linus Torvalds can divide by zero.

-- 
Jon Detert
IT Systems Administrator, Milwaukee School of Engineering
1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A.
--
If the facts don't fit the theory, change the facts.
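
An added example, not part of the original post: a small shell check that classifies whether the home directory and login shell in a 'getent passwd' line match the winbind template values, which is the symptom described above (uid/gid resolve, homedir and shell come from template). It assumes 'template homedir' and 'template shell' are at their documented smb.conf defaults, since the post does not show them; the sample passwd lines are constructed.

```shell
#!/bin/sh
# Constructed example: report whether the home directory and shell in one
# passwd line (as printed by `getent passwd USER`) match the winbind template.
# Assumption: "template homedir" and "template shell" are left at the
# documented smb.conf defaults; the post does not show them.
TEMPLATE_HOMEDIR='/home/%D/%U'
TEMPLATE_SHELL='/bin/false'
DOMAIN='MSOE'      # workgroup in the posted smb.conf
RANGE_LO=500       # idmap config MSOE:range = 500-45000
RANGE_HI=45000

# expand_template TEMPLATE USER: substitute %D and %U (plain usernames only)
expand_template() {
    printf '%s\n' "$1" | sed -e "s|%D|$DOMAIN|g" -e "s|%U|$2|g"
}

# classify_passwd_line LINE prints one of:
#   malformed | out-of-range | template | non-template | mixed
classify_passwd_line() {
    IFS=: read -r name _pw uid _gid _gecos home shell <<EOF
$1
EOF
    case $uid in ''|*[!0-9]*) echo malformed; return 0 ;; esac
    if [ -z "$name" ] || [ -z "$home" ] || [ -z "$shell" ]; then
        echo malformed; return 0
    fi
    if [ "$uid" -lt "$RANGE_LO" ] || [ "$uid" -gt "$RANGE_HI" ]; then
        echo out-of-range; return 0
    fi
    home_src=non-template; shell_src=non-template
    if [ "$home" = "$(expand_template "$TEMPLATE_HOMEDIR" "$name")" ]; then
        home_src=template
    fi
    if [ "$shell" = "$TEMPLATE_SHELL" ]; then shell_src=template; fi
    if [ "$home_src" = "$shell_src" ]; then echo "$home_src"; else echo mixed; fi
}

# Constructed sample lines; on a live host pass "$(getent passwd USER)".
for line in \
    'jdoe:*:10234:10001:Jane Doe:/home/MSOE/jdoe:/bin/false' \
    'jdoe:*:10234:10001:Jane Doe:/users/staff/jdoe:/bin/bash' \
    'jdoe:*:10234:10001::/home/MSOE/jdoe:/bin/bash' \
    'jdoe:*:70000:10001::/home/MSOE/jdoe:/bin/false'
do
    printf '%-14s %s\n' "$(classify_passwd_line "$line")" "$line"
done
```

A result of 'template' only says the values equal the template expansion; a directory attribute that happens to hold the same path would classify the same way.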

