[Samba] regression in 3.2.4? Homedir not retrieved with idmap_ad
jelmer.jaarsma at sara.nl
Thu Nov 6 10:29:52 GMT 2008
-----BEGIN PGP SIGNED MESSAGE-----
I'm currently running Ubuntu Intrepid and I'm testing Samba (winbind
specifically) with our Active Directory.
Our AD schema has been extended with the proper fields for storing
With Samba 3.2.3 the homedir fields are properly being read from the AD,
with Samba 3.2.4 they are not, the values returned by "wbinfo -i <user>"
and/or "getent passwd" will have the format of /home/%D/%U, which is the
default for the "template homedir" setting which I have *not* specified
in my smb.conf. A workaround for me currently is to specify the
"template homedir" setting with the correct format in smb.conf.
More detailed info:
When I'm using the samba-3.2.3 package currently in Ubuntu Intrepid
everything is working properly, except that Winbind keeps on
segfaulting. I believe it is related to the fact that we have users and
groups who do NOT have the RFC2307 fields filled. This specific bug was
fixed in Samba 3.2.4 (and I've filed a bug at Ubuntu for it).
Since Ubuntu is currently not shipping a samba 3.2.4 package I took the
package sources from Debian unstable and recompiled those on Intrepid.
Since the samba-3.2.3 package from Ubuntu had been synched with Debian I
doubt that this is much of a problem.
So just to be clear about this, I'm comparing the Ubuntu
2:3.2.3-1ubuntu3 package to the Debian 2:3.2.4-1 package.
You will find my smb.conf attached below.
workgroup = KA
realm = KA.SARA.NL
server string = %h server (Samba, Ubuntu)
security = ADS
map to guest = Bad User
obey pam restrictions = Yes
disable netbios = yes
passdb backend = tdbsam
pam password change = Yes
use kerberos keytab = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap backend = ad
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nss info = rfc2307
winbind offline logon = true
winbind refresh tickets = true
winbind expand groups = 10
auth methods = winbind
log level = 0 winbind:5
debug class = yes
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba