[Samba] Unable to access server with IDMAP_RID in place - samba 3.2.0

Robert M. Martel - CSU r.martel at csuohio.edu
Thu Jul 31 13:37:26 GMT 2008


Greetings,

I have a number of samba servers that will need to become Active 
Directory (AD) member servers.  The testing I've done so far with 
default mapping has worked just fine.

I configured a server to be an AD member server, joined it to AD but was 
unable to access it from a client PC - I get prompted for authentication 
on the client which shouldn't be happening.  The log file shows:

[2008/07/31 09:08:19,  5] lib/username.c:Get_Pwnam_alloc(133)
   Finding user CSUNET\1001362
[2008/07/31 09:08:19,  5] lib/username.c:Get_Pwnam_internals(77)
   Trying _Get_Pwnam(), username as lowercase is csunet\1001362
[2008/07/31 09:08:19,  5] lib/username.c:Get_Pwnam_internals(85)
   Trying _Get_Pwnam(), username as given is CSUNET\1001362
[2008/07/31 09:08:19,  5] lib/username.c:Get_Pwnam_internals(104)
   Checking combinations of 0 uppercase letters in csunet\1001362
[2008/07/31 09:08:19,  5] lib/username.c:Get_Pwnam_internals(110)
   Get_Pwnam_internals didn't find user [CSUNET\1001362]!
[2008/07/31 09:08:19,  5] lib/username.c:Get_Pwnam_alloc(133)
   Finding user 1001362
[2008/07/31 09:08:19,  5] lib/username.c:Get_Pwnam_internals(77)
   Trying _Get_Pwnam(), username as lowercase is 1001362
[2008/07/31 09:08:19,  5] lib/username.c:Get_Pwnam_internals(104)
   Checking combinations of 0 uppercase letters in 1001362
[2008/07/31 09:08:19,  5] lib/username.c:Get_Pwnam_internals(110)
   Get_Pwnam_internals didn't find user [1001362]!
[2008/07/31 09:08:19,  1] smbd/sesssetup.c:reply_spnego_kerberos(474)
   Username CSUNET\1001362 is invalid on this system


If I comment out the IDMAP_RID line of smb.conf, I can access the server 
just fine.

 From the documentation and yesterday's web searches it seems very 
simple to use IDMAP_RID - nothing to set-up, just adding the line to the 
smb.conf with the UID range to use.

Is there a step I am missing?

This is Samba 3.2.0 on Sun Solaris (Sparc) 9.  The section for this from 
my smb.conf looks like:

    idmap backend = idmap_rid:CSUNET=10000-20000
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind enum users = no
    winbind enum groups = no
    winbind use default domain = yes
    winbind nested groups = Yes
    template shell = /usr/bin/bash
    template homedir = /home/%U
    allow trusted domains = No

Any ideas appreciated as I don't know where to look.
-Bob


-- 
***********************************************************************
Bob Martel,System Administrator  I met someone who looks a lot like you
Levin College of Urban Affairs   She does the things you do
Cleveland State University       But she is an IBM
(216) 687-2214
r.martel at csuohio.edu                                -Jeff Lynne
***********************************************************************


More information about the samba mailing list