[Samba] Problems with winbind, idmap and usrmgr.exe

L.P.H. van Belle belle at bazuin.nl
Wed Apr 23 11:11:44 GMT 2008


Did you add your server to the domain?
e.g. net rpc join -S 'pdc-name' -U administrator%password -d 5

Check this page and review your config also.
http://www.samba.org/samba/docs/man/Samba-Guide/unixclients.html 

 Louis


>-----Original message-----
>From: samba-bounces+belle=bazuin.nl at lists.samba.org 
>[mailto:samba-bounces+belle=bazuin.nl at lists.samba.org] On behalf of 
>Mike Brady
>Sent: Wednesday 23 April 2008 9:46
>To: samba at lists.samba.org
>Subject: Re: [Samba] Problems with winbind, idmap and usrmgr.exe
>
>First of all apologies for replying to my own query, but I have run out
>of things to try and really need to make some progress on this.
>
>I have done a clean install and am now using the configuration file
>below for my Samba PDC.  This has made no difference to the issue with
>usrmgr.exe.  As before this is Samba 3.0.28a on Centos 5.1 x86_64 and
>nsswitch is configured to use winbind.
>
>[global]
>        log level = 5
>        workgroup = domb
>        server string = Samba Server Version %v
>        interfaces = lo, eth0
>        passdb backend = tdbsam:/etc/samba/passdb.tdb
>        username map = /etc/samba/smbusers
>        log file = /var/log/samba/%m.log
>        max log size = 50
>
>        # Stuff that makes this machine a PDC.
>        add user script = /usr/sbin/useradd "%u" -n -g domusers
>        delete user script = /usr/sbin/userdel "%u"
>        add group script = /usr/sbin/groupadd "%g"
>        delete group script = /usr/sbin/groupdel "%g"
>        delete user from group script = /usr/sbin/userdel "%u" "%g"
>        add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false -g machines "%u"
>        logon path = \\%L\Profiles\%U
>        logon home = \\%L\%U\.profiles
>        logon drive = H:
>        domain logons = Yes
>        os level = 33
>        preferred master = Yes
>        domain master = Yes
>        wins proxy = Yes
>        wins support = Yes
>
>        # Equivalent of old behaviour.
>        idmap domains = ALLDOMAINS
>        idmap config ALLDOMAINS:default = yes
>        idmap config ALLDOMAINS:backend = tdb
>        idmap config ALLDOMAINS:range   = 10000 - 50000
>
>        idmap alloc backend = tdb
>        idmap alloc config:range = 10000 - 50000
>
>        winbind enum users = yes
>        winbind enum groups = Yes
>        winbind nested groups = yes
>        hosts allow = 127., 192.168.42., 192.168.43.
>        cups options = raw
>
>[homes]
>        comment = Home Directories
>        read only = No
>        browseable = No
>
>[netlogon]
>        comment = Network Logon Service
>        path = /var/lib/samba/netlogon
>        guest ok = Yes
>        browseable = No
>        share modes = No
>        read only = yes
>
>[profiles]
>        path = /var/lib/samba/profiles
>        read only = no
>        create mask = 0600
>        directory mask = 0700
>
>At this stage I believe there to be a problem with winbind as I have
>also tried the following.
>
>Creating a local group with "net -U root%xxxxxxx sam createlocalgroup
>local1", which succeeds.
>
>A portion of the output from "net groupmap list verbose" shows:
>local1
>        SID       : S-1-5-21-2991776595-4262790192-2958925130-1004
>        Unix gid  : 10053
>        Unix group: local1
>        Group type: Local Group
>        Comment   :
>
>Testing winbind with the following:
>[root at dombpdc ~]# wbinfo -G 10053
>S-1-5-21-2991776595-4262790192-2958925130-1004
>[root at dombpdc ~]# wbinfo -s "S-1-5-21-2991776595-4262790192-2958925130-1004"
>Could not lookup sid S-1-5-21-2991776595-4262790192-2958925130-1004
>
>Shouldn't both these commands work or am I missing something?  I tried it
>both with and without the quotes around the SID.
>
>Also
>
>[root at dombpdc ~]# wbinfo -D .
>Name              : DOMB
>Alt_Name          :
>SID               : S-1-5-21-2991776595-4262790192-2958925130
>Active Directory  : No
>Native            : No
>Primary           : Yes
>Sequence          : -1
>
>[root at dombpdc ~]# wbinfo -u
>Error looking up domain users
>
>[root at dombpdc ~]# wbinfo -g
>BUILTIN\server operators
>BUILTIN\guests
>BUILTIN\power users
>BUILTIN\print operators
>BUILTIN\administrators
>BUILTIN\account operators
>BUILTIN\backup operators
>BUILTIN\users
>local1
>
>These are only the local groups.  Shouldn't this list the domain groups
>as well?
>
>[root at dombpdc ~]# wbinfo --getdcname domb
>Could not get dc name for domb
>
>Which may well be the root of the problem?
>
>I am happy to supply whichever logs are required, just let me know.
>
>Thanks
>
>Mike
>
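
An added example, not part of either message above: a Python check that the `net groupmap list verbose` entry quoted in the thread agrees with the domain SID reported by `wbinfo -D .` and with the `idmap alloc config:range` in the posted smb.conf. The sample text is copied from the quoted output; the function names are illustrative, and treating `S-1-5-32` (BUILTIN) as an acceptable prefix is an assumption of this sketch.

```python
import re

# Sample text copied from the output quoted in the message above.
GROUPMAP = """\
local1
        SID       : S-1-5-21-2991776595-4262790192-2958925130-1004
        Unix gid  : 10053
        Unix group: local1
        Group type: Local Group
        Comment   :
"""
DOMAIN_SID = "S-1-5-21-2991776595-4262790192-2958925130"  # from "wbinfo -D ."
RANGE_LINE = "idmap alloc config:range = 10000 - 50000"   # from the posted smb.conf
BUILTIN_SID = "S-1-5-32"                                  # well-known BUILTIN domain

def parse_range(line):
    """Return (low, high) from an smb.conf 'range = low - high' setting."""
    m = re.search(r"range\s*=\s*(\d+)\s*-\s*(\d+)", line)
    if not m:
        raise ValueError("no idmap range in %r" % line)
    return int(m.group(1)), int(m.group(2))

def parse_groupmap(text):
    """Parse 'net groupmap list verbose' output into one dict per group."""
    groups = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():            # unindented line starts an entry
            groups.append({"name": raw.strip()})
        elif groups and ":" in raw:         # indented "key : value" field
            key, _, value = raw.partition(":")
            groups[-1][key.strip()] = value.strip()
    return groups

def check_group(group, domain_sid, gid_range):
    """Return findings for one mapping; an empty list means it is consistent."""
    findings = []
    sid, gid = group.get("SID", ""), group.get("Unix gid", "")
    prefix, _, rid = sid.rpartition("-")
    if not rid.isdigit():
        findings.append("SID %r has no numeric RID" % sid)
    elif prefix not in (domain_sid, BUILTIN_SID):
        findings.append("SID %s is outside domain %s" % (sid, domain_sid))
    if not gid.isdigit():
        findings.append("missing or non-numeric Unix gid")
    elif not gid_range[0] <= int(gid) <= gid_range[1]:
        findings.append("gid %s outside idmap range %d-%d" % ((gid,) + gid_range))
    return findings
```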


