[Samba] FreeBSD 7.2 domain member problem - partially SOLVED

Diego Zuccato diego.zuccato at unibo.it
Mon Nov 23 00:45:51 MST 2009

Ivo Karabojkov wrote:

> I was totally unable to get idmap_rid working! So I am using the default
> IDMAP backend - tdb.
Not good if you need that the same user receives the same UID on 
different machines.

> The problem with not working pw user / group show -a or getent passwd /
> group was that nss_winbind.so was not where it supposed to. To correct this
> I used:
> ln -s /usr/local/lib/nss_winbind.so.1 /usr/lib/
> ln -s /usr/local/lib/nss_winbind.so.1 /usr/lib/nss_winbind.so.2 
That's really ugly and shouldn't be needed on ANY distro. And it seems 
you're looking for troubles (.1 and .2 IIRC have different ABI).

> Now all my users and groups are visible with pw or getent!
> rid backend would give predictable sid <-> uid/gid mapping, with this
> solution mapping changes every time server is joined to AD domain. But I
> failed setting it up - it seems idmap_rid does not map anything...
> If someone may help with better solution I will be grateful.
In my config I map users in two domains to different UID/GID values with 
the following config:
         winbind uid = 100000-100000000
         winbind gid = 100000-100000000

         idmap config DOM1:backend = rid
         idmap config DOM1:base_rid  = 500
         idmap config DOM1:range = 100000 - 49999999
         idmap config DOM2:backend = rid
         idmap config DOM2:base_rid  = 500
         idmap config DOM2:range = 50000000 - 99999999

Maybe you need just:
         winbind uid = 100000-100000000
         winbind gid = 100000-100000000
         idmap config backend = rid

And be sure to "testparm -v" any changes to smb.conf

Diego Zuccato
Servizi Informatici
Dip. di Astronomia - Università di Bologna
Via Ranzani, 1 - 40126 Bologna - Italy
tel.: +39 051 20 95786
mail: diego.zuccato at unibo.it

More information about the samba mailing list