[Samba] Problems with winbind, idmap and usrmgr.exe
L.P.H. van Belle
belle at bazuin.nl
Wed Apr 23 11:11:44 GMT 2008
did you add your server to the domain ?
eq.. net rpc join -S 'pdc-name' -U administrator%password -d 5
check this page and review your config also.
http://www.samba.org/samba/docs/man/Samba-Guide/unixclients.html
Louis
>-----Oorspronkelijk bericht-----
>Van: samba-bounces+belle=bazuin.nl at lists.samba.org
>[mailto:samba-bounces+belle=bazuin.nl at lists.samba.org] Namens
>Mike Brady
>Verzonden: woensdag 23 april 2008 9:46
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] Problems with winbind, idmap and usrmgr.exe
>
>First of all apologies for replying to my own query, but I have run out
>of things to try and really need to make some progress on this.
>
>I have done a clean install and am now using the configuration file
>below for my Samba PDC. This has made no difference to the issue with
>usrmgr.exe. As before this is Samba 3.0.28a on Centos 5.1 x86_64 and
>nsswitch is configured to use winbind.
>
>[global]
> log level = 5
> workgroup = domb
> server string = Samba Server Version %v
> interfaces = lo, eth0
> passdb backend = tdbsam:/etc/samba/passdb.tdb
> username map = /etc/samba/smbusers
> log file = /var/log/samba/%m.log
> max log size = 50
>
> # Stuff that makes this machine a PDC.
> add user script = /usr/sbin/useradd "%u" -n -g domusers
> delete user script = /usr/sbin/userdel "%u"
> add group script = /usr/sbin/groupadd "%g"
> delete group script = /usr/sbin/groupdel "%g"
> delete user from group script = /usr/sbin/userdel "%u" "%g"
> add machine script = /usr/sbin/useradd -n -c "Workstation (%u)"
>-M -d /nohome -s /bin/false -g machines "%u"
> logon path = \\%L\Profiles\%U
> logon home = \\%L\%U\.profiles
> logon drive = H:
> domain logons = Yes
> os level = 33
> preferred master = Yes
> domain master = Yes
> wins proxy = Yes
> wins support = Yes
>
> # Equivalent of old behaviour.
> idmap domains = ALLDOMAINS
> idmap config ALLDOMAINS:default = yes
> idmap config ALLDOMAINS:backend = tdb
> idmap config ALLDOMAINS:range = 10000 - 50000
>
> idmap alloc backend = tdb
> idmap alloc config:range = 10000 - 50000
>
> winbind enum users = yes
> winbind enum groups = Yes
> winbind nested groups = yes
> hosts allow = 127., 192.168.42., 192.168.43.
> cups options = raw
>
>[homes]
> comment = Home Directories
> read only = No
> browseable = No
>
>[netlogon]
> comment = Network Logon Service
> path = /var/lib/samba/netlogon
> guest ok = Yes
> browseable = No
> share modes = No
> read only = yes
>
>[profiles]
> path = /var/lib/samba/profiles
> read only = no
> create mask = 0600
> directory mask = 0700
>
>At this stage I believe there to be a problem with winbind as I have
>also tried the following.
>
>Creating a local group with "net -U root%xxxxxxx sam createlocalgroup
>local1", which succeeds.
>
>A portion of the output from "net groupmap list verbose" shows:
>local1
> SID : S-1-5-21-2991776595-4262790192-2958925130-1004
> Unix gid : 10053
> Unix group: local1
> Group type: Local Group
> Comment :
>
>Testing winbind with the following:
>[root at dombpdc ~]# wbinfo -G 10053
>S-1-5-21-2991776595-4262790192-2958925130-1004
>[root at dombpdc ~]# wbinfo -s
>"S-1-5-21-2991776595-4262790192-2958925130-1004"
>Could not lookup sid S-1-5-21-2991776595-4262790192-2958925130-1004
>
>Shouldn't both these commands work or am missing something?
>I tried it
>both with and without the quotes around the SID.
>
>Also
>
>[root at dombpdc ~]# wbinfo -D .
>Name : DOMB
>Alt_Name :
>SID : S-1-5-21-2991776595-4262790192-2958925130
>Active Directory : No
>Native : No
>Primary : Yes
>Sequence : -1
>
>[root at dombpdc ~]# wbinfo -u
>Error looking up domain users
>
>[root at dombpdc ~]# wbinfo -g
>BUILTIN\server operators
>BUILTIN\guests
>BUILTIN\power users
>BUILTIN\print operators
>BUILTIN\administrators
>BUILTIN\account operators
>BUILTIN\backup operators
>BUILTIN\users
>local1
>
>These are only the local groups. Shouldn't this list the domain groups
>as well?
>
>[root at dombpdc ~]# wbinfo --getdcname domb
>Could not get dc name for domb
>
>Which may well be the root of the problem?
>
>I am happy to supply which ever logs are required, just let me know.
>
>Thanks
>
>Mike
>
More information about the samba
mailing list