Fwd: [Samba] Winbind 3.0.26a cannot authenticate
with ActiveDirectory
Douglas VanLeuven
roamdad at sonic.net
Fri Feb 29 04:30:25 GMT 2008
Douglas VanLeuven wrote:
> Walter Huf wrote:
>> I changed those lines, and nothing seemed to change.
>> However, I remembered more information that I could include.
>> getent passwd does not list domain users, only local users.
Something still looks wrong to me with your pam config. But I checked
the release note archives. 3.0.25 introduced the changes to the idmap
backend.
Here's what I use as the alternative to the old syntax
winbind enum users = Yes
winbind enum groups = Yes
winbind nss info = sfu
idmap domains = FOREST
idmap config FOREST:backend = ad
idmap config FOREST:schema_mode = sfu
idmap config FOREST:readonly = yes
idmap config FOREST:range = 200 - 20000
idmap config FOREST:default = yes
idmap alloc backend = tdb
idmap alloc config:range = 50000-50999
There is a document "A new IDMAP subsystem" on the samba website that I
think is more illuminative than the manpages. Thank Simo!
http://www.samba.org/~idra/samba3_newidmap.pdf
Regards, Doug
More information about the samba
mailing list