Fwd: [Samba] Winbind 3.0.26a cannot authenticate with ActiveDirectory

Fri Feb 29 04:30:25 GMT 2008

Douglas VanLeuven wrote:
> Walter Huf wrote:
>> I changed those lines, and nothing seemed to change.
>> However, I remembered more information that I could include.
>> getent passwd does not list domain users, only local users.

Something still looks wrong to me with your pam config.  But I checked
the release note archives.  3.0.25 introduced the changes to the idmap
backend.

Here's what I use as the alternative to the old syntax

        winbind enum users = Yes
        winbind enum groups = Yes
        winbind nss info = sfu
        idmap domains = FOREST
        idmap config FOREST:backend = ad
        idmap config FOREST:schema_mode = sfu
        idmap config FOREST:readonly = yes
        idmap config FOREST:range = 200 - 20000
        idmap config FOREST:default = yes

        idmap alloc backend = tdb
        idmap alloc config:range = 50000-50999

There is a document "A new IDMAP subsystem" on the samba website that I
think is more illuminative than the manpages.  Thank Simo!

http://www.samba.org/~idra/samba3_newidmap.pdf

Regards, Doug