[Samba] winbind/idmap/AD problem?

Steve Rippl rippls at woodlandschools.org
Fri Jul 18 18:11:40 GMT 2008


Hi,

I'm running 3.0.28a on Ubuntu 8.04 (their package).  I've got security =
ads and idmap backend = ad (smb.conf is posted below). I'm using
libnss-ldap and have ldap in nsswitch.conf (also posted below) and ldap
connected to the AD server.  I have the drive mounted using acl and
xattr_user options in fstab (acl is installed).  I can connect to the
share, I see in the logs that it's picking up the uid and gid from SFU
in AD, however, when I go into the explorer security tab (on the client)
and try to add a user it fails.  I don't get an error message within
windows (the user adding another user is the owner of the file/folder),
the user just disappears from the list as it refreshes!  On the server
I'm seeing a lot of this in log.winbindd-idmap

[2008/07/18 09:32:59, 1]
nsswitch/idmap_ad.c:idmap_ad_unixids_to_sids(294)
  ADS uninitialized

Now I don't know if this is related, but if I wbinfo -n wsd\\rippls I
get a long SID number, if I do wbinfo -s [same SID number] I get
wsd\rippls.  However, if I do wbinfo -U [uid for same user] I get a
different SID from before!

I'm trying very hard this summer to make this work so I can retire our
MS file server, so any help would be appreciated.  I tried this
initially in Etch, but that version wasn't handling the connection to
AD for nss and winbind very well at all, hence I'm trying in Ubuntu.

Thanks!


====smb.conf=====

[global]

   workgroup = WSD
   realm = woodland.wednet.edu
   server string = %h server

   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0

   panic action = /usr/share/samba/panic-action %d

   security = ads
   encrypt passwords = true
   passdb backend = tdbsam
   obey pam restrictions = yes
   invalid users = root

   socket options = TCP_NODELAY

   idmap backend = ad
   winbind nss info = sfu
   winbind nested groups = yes
   winbind use default domain = yes


[Student]
   path = /srv/Student
   read only = no
   store dos attributes = yes
   nt acl support = yes
   map acl inherit = yes
   inherit acls = yes
   acl map full control = yes
   dos filemode = yes


=====nsswitch.conf=====

passwd:         files ldap
group:          files ldap
shadow:         files ldap

hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
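
Added example, not part of the original post: a small sh script that automates the cross-check described in the message (wbinfo -n against wbinfo -U, plus the reverse wbinfo -S lookup) and reports when the mappings disagree. The `WBINFO` override variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: cross-check winbind's name->SID, uid->SID and SID->uid answers
# for one account, the comparison the post does by hand with wbinfo.
# WBINFO is an override hook for this example (assumption); default: wbinfo.
WBINFO="${WBINFO:-wbinfo}"

# First whitespace-separated field of a wbinfo answer: `wbinfo -n` prints the
# SID followed by the SID type, the other lookups print a single value.
first_field() {
    awk 'NR == 1 { print $1 }'
}

# check_sid_roundtrip NAME UID
# Returns 0 if all lookups agree, 1 on a mismatch, 2 if a lookup failed.
check_sid_roundtrip() {
    name=$1
    uid=$2
    sid_by_name=$($WBINFO -n "$name" 2>/dev/null | first_field)
    sid_by_uid=$($WBINFO -U "$uid" 2>/dev/null | first_field)
    if [ -z "$sid_by_name" ] || [ -z "$sid_by_uid" ]; then
        printf 'lookup failed: name->SID=%s uid->SID=%s\n' \
            "${sid_by_name:-<none>}" "${sid_by_uid:-<none>}"
        return 2
    fi
    uid_by_sid=$($WBINFO -S "$sid_by_name" 2>/dev/null | first_field)
    printf 'name %s -> %s\n' "$name" "$sid_by_name"
    printf 'uid  %s -> %s\n' "$uid" "$sid_by_uid"
    printf 'SID  %s -> uid %s\n' "$sid_by_name" "${uid_by_sid:-<none>}"
    rc=0
    if [ "$sid_by_name" != "$sid_by_uid" ]; then
        printf 'MISMATCH: uid %s maps to a different SID than %s\n' "$uid" "$name"
        rc=1
    fi
    if [ "$uid_by_sid" != "$uid" ]; then
        printf 'MISMATCH: SID of %s does not map back to uid %s\n' "$name" "$uid"
        rc=1
    fi
    return $rc
}

# Usage: sh check_sid.sh 'WSD\rippls' "$(id -u rippls)"
if [ "$#" -eq 2 ]; then
    check_sid_roundtrip "$1" "$2"
fi
```

A non-zero exit status identifies accounts whose uid and name resolve to different SIDs, which can be compared against the idmap log entries for the same time window.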


