[Samba] FreeBSD 7.2 domain member problem - partially SOLVED
Diego Zuccato
diego.zuccato at unibo.it
Mon Nov 23 00:45:51 MST 2009
Ivo Karabojkov wrote:
> I was totally unable to get idmap_rid working! So I am using the default
> IDMAP backend - tdb.
Not good if you need that the same user receives the same UID on
different machines.
> The problem with not working pw user / group show -a or getent passwd /
> group was that nss_winbind.so was not where it supposed to. To correct this
> I used:
> ln -s /usr/local/lib/nss_winbind.so.1 /usr/lib/
> ln -s /usr/local/lib/nss_winbind.so.1 /usr/lib/nss_winbind.so.2
That's really ugly and shouldn't be needed on ANY distro. And it seems
you're looking for troubles (.1 and .2 IIRC have different ABI).
> Now all my users and groups are visible with pw or getent!
> rid backend would give predictable sid <-> uid/gid mapping, with this
> solution mapping changes every time server is joined to AD domain. But I
> failed setting it up - it seems idmap_rid does not map anything...
>
> If someone may help with better solution I will be grateful.
In my config I map users in two domains to different UID/GID values with
the following config:
winbind uid = 100000-100000000
winbind gid = 100000-100000000
idmap config DOM1:backend = rid
idmap config DOM1:base_rid = 500
idmap config DOM1:range = 100000 - 49999999
idmap config DOM2:backend = rid
idmap config DOM2:base_rid = 500
idmap config DOM2:range = 50000000 - 99999999
Maybe you need just:
winbind uid = 100000-100000000
winbind gid = 100000-100000000
idmap config backend = rid
And be sure to "testparm -v" any changes to smb.conf
--
Diego Zuccato
Servizi Informatici
Dip. di Astronomia - Università di Bologna
Via Ranzani, 1 - 40126 Bologna - Italy
tel.: +39 051 20 95786
mail: diego.zuccato at unibo.it
More information about the samba
mailing list