[Samba] Unable to access server with IDMAP_RID in place - samba
3.2.0
Robert M. Martel - CSU
r.martel at csuohio.edu
Thu Jul 31 13:37:26 GMT 2008
Greetings,
I have a number of samba servers that will need to become Active
Directory (AD) member servers. The testing I've done so far with
default mapping has worked just fine.
I configured a server to be an AD member server, joined it to AD but was
unable to access it from a client PC - I get prompted for authentication
on the client which shouldn't be happening. The log file shows:
[2008/07/31 09:08:19, 5] lib/username.c:Get_Pwnam_alloc(133)
Finding user CSUNET\1001362
[2008/07/31 09:08:19, 5] lib/username.c:Get_Pwnam_internals(77)
Trying _Get_Pwnam(), username as lowercase is csunet\1001362
[2008/07/31 09:08:19, 5] lib/username.c:Get_Pwnam_internals(85)
Trying _Get_Pwnam(), username as given is CSUNET\1001362
[2008/07/31 09:08:19, 5] lib/username.c:Get_Pwnam_internals(104)
Checking combinations of 0 uppercase letters in csunet\1001362
[2008/07/31 09:08:19, 5] lib/username.c:Get_Pwnam_internals(110)
Get_Pwnam_internals didn't find user [CSUNET\1001362]!
[2008/07/31 09:08:19, 5] lib/username.c:Get_Pwnam_alloc(133)
Finding user 1001362
[2008/07/31 09:08:19, 5] lib/username.c:Get_Pwnam_internals(77)
Trying _Get_Pwnam(), username as lowercase is 1001362
[2008/07/31 09:08:19, 5] lib/username.c:Get_Pwnam_internals(104)
Checking combinations of 0 uppercase letters in 1001362
[2008/07/31 09:08:19, 5] lib/username.c:Get_Pwnam_internals(110)
Get_Pwnam_internals didn't find user [1001362]!
[2008/07/31 09:08:19, 1] smbd/sesssetup.c:reply_spnego_kerberos(474)
Username CSUNET\1001362 is invalid on this system
If I comment out the IDMAP_RID line of smb.conf, I can access the server
just fine.
From the documentation and yesterday's web searches it seems very
simple to use IDMAP_RID - nothing to set-up, just adding the line to the
smb.conf with the UID range to use.
Is there a step I am missing?
This is Samba 3.2.0 on Sun Solaris (Sparc) 9. The section for this from
my smb.conf looks like:
idmap backend = idmap_rid:CSUNET=10000-20000
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = no
winbind enum groups = no
winbind use default domain = yes
winbind nested groups = Yes
template shell = /usr/bin/bash
template homedir = /home/%U
allow trusted domains = No
Any ideas appreciated as I don't know where to look.
-Bob
--
***********************************************************************
Bob Martel,System Administrator I met someone who looks a lot like you
Levin College of Urban Affairs She does the things you do
Cleveland State University But she is an IBM
(216) 687-2214
r.martel at csuohio.edu -Jeff Lynne
***********************************************************************
More information about the samba
mailing list