[Samba] winbind/idmap/AD problem?
Steve Rippl
rippls at woodlandschools.org
Fri Jul 18 18:11:40 GMT 2008
Hi,
I'm running 3.0.28a on Ubuntu 8.04 (their package). I've got security =
ads and idmap backend = ad (smb.conf is posted below). I'm using
libnss-ldap and have ldap in nsswitch.conf (also posted below) and ldap
connected to the AD server. I have the drive mounted using acl and
xattr_user options in fstab (acl is installed). I can connect to the
share, I see in the logs that it's picking up the uid and gid from SFU
in AD, however, when I go into the explorer security tab (on the client)
and try to add a user it fails. I don't get an error message within
windows (the user adding another user is the owner of the file/folder),
the user just disappears from the list as it refreshes! On the server
I'm seeing a lot of this in log.winbindd-idmap:

[2008/07/18 09:32:59, 1] nsswitch/idmap_ad.c:idmap_ad_unixids_to_sids(294)
  ADS uninitialized

Now I don't know if this is related, but if I wbinfo -n wsd\\rippls I
get a long SID number, if I do wbinfo -s [same SID number] I get
wsd\rippls. However, if I do wbinfo -U [uid for same user] I get a
different SID from before!

I'm trying very hard this summer to make this work so I can retire our
MS file server, so any help would be appreciated. I tried this
initially in Etch, but that version wasn't handling the connection to
AD for nss and winbind very well at all, hence I'm trying in Ubuntu.

Thanks!

====smb.conf=====
[global]
    workgroup = WSD
    realm = woodland.wednet.edu
    server string = %h server
    log file = /var/log/samba/log.%m
    max log size = 1000
    syslog = 0
    panic action = /usr/share/samba/panic-action %d
    security = ads
    encrypt passwords = true
    passdb backend = tdbsam
    obey pam restrictions = yes
    invalid users = root
    socket options = TCP_NODELAY
    idmap backend = ad
    winbind nss info = sfu
    winbind nested groups = yes
    winbind use default domain = yes

[Student]
    path = /srv/Student
    read only = no
    store dos attributes = yes
    nt acl support = yes
    map acl inherit = yes
    inherit acls = yes
    acl map full control = yes
    dos filemode = yes

=====nsswitch.conf=====
passwd: files ldap
group: files ldap
shadow: files ldap
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
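
Added example (not part of the original post, and not Samba project code): the name-to-SID versus uid-to-SID comparison described in the message, written as a repeatable shell check. The WBINFO override variable, the function names, the stub and every SID and uid in it are constructed for illustration.

```sh
#!/bin/sh
# Compare the SID winbind returns for an account name (wbinfo -n) with the
# SID it returns for that account's uid (wbinfo -U). A mismatch means the
# idmap layer and the directory disagree about who owns the uid, so ACL
# entries written for that user can end up attached to a different SID.

# Assumption: WBINFO may be overridden so the check can run against a stub.
WBINFO=${WBINFO:-wbinfo}

# The SID is the first whitespace-delimited field of the first output line
# ("S-1-5-... User (1)" for -n, a bare SID for -U).
sid_of_name() { "$WBINFO" -n "$1" 2>/dev/null | awk 'NR==1 {print $1}'; }
sid_of_uid()  { "$WBINFO" -U "$1" 2>/dev/null | awk 'NR==1 {print $1}'; }

# check_idmap NAME UID -> 0 consistent, 1 mismatch, 2 lookup failed
check_idmap() {
    ci_name=$1
    ci_uid=$2
    ci_by_name=$(sid_of_name "$ci_name") || :
    ci_by_uid=$(sid_of_uid "$ci_uid") || :
    if [ -z "$ci_by_name" ] || [ -z "$ci_by_uid" ]; then
        printf 'LOOKUP-FAILED %s uid=%s\n' "$ci_name" "$ci_uid"
        return 2
    fi
    if [ "$ci_by_name" = "$ci_by_uid" ]; then
        printf 'OK %s uid=%s sid=%s\n' "$ci_name" "$ci_uid" "$ci_by_name"
        return 0
    fi
    printf 'MISMATCH %s uid=%s name->%s uid->%s\n' \
        "$ci_name" "$ci_uid" "$ci_by_name" "$ci_by_uid"
    return 1
}

# Constructed stub reproducing the symptom from the post (all values made up):
# the name resolves to one SID, the same user's uid resolves to another.
fake_wbinfo() {
    case "$1:$2" in
        '-n:WSD\rippls') echo 'S-1-5-21-1111-2222-3333-1105 User (1)' ;;
        '-U:10001')      echo 'S-1-5-21-9999-8888-7777-21002' ;;
        '-n:WSD\okuser') echo 'S-1-5-21-1111-2222-3333-1106 User (1)' ;;
        '-U:10002')      echo 'S-1-5-21-1111-2222-3333-1106' ;;
        *) echo 'Could not lookup' >&2; return 1 ;;
    esac
}

# Offline demo against the stub: sh thisfile --demo
if [ "${1:-}" = "--demo" ]; then
    WBINFO=fake_wbinfo
    check_idmap 'WSD\rippls' 10001 || :
    check_idmap 'WSD\okuser' 10002 || :
fi
```

On a real member server, leave WBINFO unset and call check_idmap with an account name and the uid stored for it in the directory.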