[Samba] Configuring idmap for a Samba 3.2.4 AD member server
deisner at gmail.com
Mon Nov 10 20:42:06 GMT 2008
I'm hoping somebody can point me to the right documentation for
setting up the following scenario.
Earlier this year I had Samba 3.0.28a working as a member server of a
(Windows Server 2003) AD domain, using Solaris 10 and Heimdal
Kerberos. I was able to log into the server using AD accounts, getent
passwd worked, etc. I was using "security=ads" with these settings:
    netbios name = MYSMBSRV
    realm = MYDOMAIN.FOO.ORG
    use kerberos keytab = Yes
    idmap domains = MYDOMAIN
    idmap config MYDOMAIN:backend = ad
    idmap config MYDOMAIN:default = yes
    idmap config MYDOMAIN:schema_mode = rfc2307
    idmap config MYDOMAIN:range = 10000 - 300000000
    idmap alloc backend = tdb
    idmap alloc config:range = 5000 - 9999
    winbind nss info = rfc2307
It may be that some of this is superfluous but I was fortunate enough
that it worked anyway.
Now I'd like to get the same thing going with Samba 3.2.4. I'm able
to join the samba server to the domain, and kinit
an_account@MYDOMAIN.FOO.ORG works, but that's about it. Winbindd eats
up all the CPU on one processor when I start it, and getent passwd
fails to return any non-local accounts. Wbinfo -u sits for a long time
and then fails with "Error looking up domain users".
Looking at a packet dump, I see about a hojillion repeats of this:
    164 5.581492 ... RPC_NETLOGON DsrEnumerateDomainTrusts request
    165 5.581931 ... RPC_NETLOGON DsrEnumerateDomainTrusts response
My question: Is the following portion of the Official HOWTO up-to-date?
None of it mentions using "idmap config". I may be mistaken, but I
don't see anything in the HOWTO about using "idmap config":
Where should I look for definitive, up-to-date instructions for
configuring this with Samba 3.2.4?
Thanks in advance.
David Eisner http://cradle.brokenglass.com