[Samba] idmapping changes from 3.0.10 to 3.4.2.

Wayne Rasmussen waynemonarch at gmail.com
Mon Nov 2 17:06:19 MST 2009 

Backendwise, it has to be local, we don't have any write permission to AD or
LDAP.

If I do: wbinfo -n knixon, I get the ssid back.  Taking it to the next level
with:
wbinfo -S `wbinfo -n knixon`  gets me:
Could not convert sid S-1-5-21-1606980848-1644491937-839522115-152478 to uid
So it looks like we are getting what we need from AD and that I just have
some kind of issue with the smb.conf configuration.

On Sun, Nov 1, 2009 at 7:10 AM, Robert LeBlanc <robert at leblancnet.us> wrote:

> You seem to be missing an idmap backend entry. If you are going to 3.4, you
> may want to look at hash, there is also RID. If you already have an extended
> schema, you may want to look at ads.
>
> Robert LeBlanc
> Life Sciences & Undergraduate Education Computer Support
> Brigham Young University
>
>
>   On Fri, Oct 30, 2009 at 4:37 PM, Wayne Rasmussen <waynemonarch at gmail.com
> > wrote:
>
>>  idmapping changes from  3.0.10 to 3.4.2.
>>
>> Trying to transition from 3.0.10 to 3.4.2 with a minimal change to the
>> system
>> meaning it would be nice to only change the smb.conf file if possible.
>>
>> The new version doesn't seem to properly work.  getent passwd only
>> produces
>> entries from /etc/passwd.  Sometimes, getent passwd user will get results
>> but usually they don't.
>>
>> Also, when winbindd (ves 3.0.10) started it would have a heavy load for
>> about
>> 15 minutes while it loaded information.  This version (3.4.2) seems to
>> have
>> very little load so it seems to act differently or it is having a problem.
>>
>> Any suggestions on how to change the global section below quickly and
>> easily
>> to make this a transparent tranision?
>>
>> Below is the global section of our smb.conf for 3.0.10.
>> Note: I changed the workgroup/realm for posting. I just want it to work
>> like
>> the previous system worked.
>>
>> [global]
>>        workgroup = XX
>>        realm = XX.YYY.ZZZ
>>        security = ADS
>>        encrypt passwords = yes
>>        log level = 1
>>        idmap uid = 2000-900000
>>        idmap gid = 2000-900000
>>        winbind enum users = yes
>>        winbind enum groups = yes
>>        template homedir = /u/%U
>>        template shell = /bin/false
>>        winbind use default domain = yes
>>        winbind cache time = 1800
>>        wins server = 143.231.3.194 143.231.40.66
>>        client schannel = no
>> #starting to add stuff to see how things are working
>> #username map = /usr/local/samba/lib/users.map
>> #guestaccount = NULL
>> #load printers = yes
>> log file = /usr/local/samba/var/log.%m
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>

More information about the samba mailing list