[Samba] Problems with winbind, idmap and usrmgr.exe
Mike Brady
mike.brady at devnull.net.nz
Wed Apr 23 07:45:50 GMT 2008
First of all apologies for replying to my own query, but I have run out
of things to try and really need to make some progress on this.
I have done a clean install and am now using the configuration file
below for my Samba PDC. This has made no difference to the issue with
usrmgr.exe. As before this is Samba 3.0.28a on Centos 5.1 x86_64 and
nsswitch is configured to use winbind.
[global]
log level = 5
workgroup = domb
server string = Samba Server Version %v
interfaces = lo, eth0
passdb backend = tdbsam:/etc/samba/passdb.tdb
username map = /etc/samba/smbusers
log file = /var/log/samba/%m.log
max log size = 50
# Stuff that makes this machine a PDC.
add user script = /usr/sbin/useradd "%u" -n -g domusers
delete user script = /usr/sbin/userdel "%u"
add group script = /usr/sbin/groupadd "%g"
delete group script = /usr/sbin/groupdel "%g"
delete user from group script = /usr/sbin/userdel "%u" "%g"
add machine script = /usr/sbin/useradd -n -c "Workstation (%u)"
-M -d /nohome -s /bin/false -g machines "%u"
logon path = \\%L\Profiles\%U
logon home = \\%L\%U\.profiles
logon drive = H:
domain logons = Yes
os level = 33
preferred master = Yes
domain master = Yes
wins proxy = Yes
wins support = Yes
# Equivalent of old behaviour.
idmap domains = ALLDOMAINS
idmap config ALLDOMAINS:default = yes
idmap config ALLDOMAINS:backend = tdb
idmap config ALLDOMAINS:range = 10000 - 50000
idmap alloc backend = tdb
idmap alloc config:range = 10000 - 50000
winbind enum users = yes
winbind enum groups = Yes
winbind nested groups = yes
hosts allow = 127., 192.168.42., 192.168.43.
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = Yes
browseable = No
share modes = No
read only = yes
[profiles]
path = /var/lib/samba/profiles
read only = no
create mask = 0600
directory mask = 0700
At this stage I believe there to be a problem with winbind as I have
also tried the following.
Creating a local group with "net -U root%xxxxxxx sam createlocalgroup
local1", which succeeds.
A portion of the output from "net groupmap list verbose" shows:
local1
SID : S-1-5-21-2991776595-4262790192-2958925130-1004
Unix gid : 10053
Unix group: local1
Group type: Local Group
Comment :
Testing winbind with the following:
[root at dombpdc ~]# wbinfo -G 10053
S-1-5-21-2991776595-4262790192-2958925130-1004
[root at dombpdc ~]# wbinfo -s
"S-1-5-21-2991776595-4262790192-2958925130-1004"
Could not lookup sid S-1-5-21-2991776595-4262790192-2958925130-1004
Shouldn't both these commands work or am missing something? I tried it
both with and without the quotes around the SID.
Also
[root at dombpdc ~]# wbinfo -D .
Name : DOMB
Alt_Name :
SID : S-1-5-21-2991776595-4262790192-2958925130
Active Directory : No
Native : No
Primary : Yes
Sequence : -1
[root at dombpdc ~]# wbinfo -u
Error looking up domain users
[root at dombpdc ~]# wbinfo -g
BUILTIN\server operators
BUILTIN\guests
BUILTIN\power users
BUILTIN\print operators
BUILTIN\administrators
BUILTIN\account operators
BUILTIN\backup operators
BUILTIN\users
local1
These are only the local groups. Shouldn't this list the domain groups
as well?
[root at dombpdc ~]# wbinfo --getdcname domb
Could not get dc name for domb
Which may well be the root of the problem?
I am happy to supply which ever logs are required, just let me know.
Thanks
Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20080423/79a89fc7/attachment.bin
More information about the samba
mailing list