[Samba] FreeBSD 7.2 domain member problem - partially SOLVED

Ivo Karabojkov ivo at kit-bg.com
Mon Nov 23 04:22:24 MST 2009 

Without links (maybe just 1 is enough, I'll test) no resolution to the OS
occurred at all - users and groups were visible via wbinfo, but not with
getent or pw.

With RID I tried a lot of combinations (including shown by you or just
idmap backend = rid:DOMAIN:10000-20000) with totally no success.

I should try this again with linked .so.1 library and I'll write back



Diego Zuccato-2 wrote:
> 
> Ivo Karabojkov wrote:
> 
>> I was totally unable to get idmap_rid working! So I am using the default
>> IDMAP backend - tdb.
> Not good if you need that the same user receives the same UID on 
> different machines.
> 
>> The problem with not working pw user / group show -a or getent passwd /
>> group was that nss_winbind.so was not where it supposed to. To correct
>> this
>> I used:
>> ln -s /usr/local/lib/nss_winbind.so.1 /usr/lib/
>> ln -s /usr/local/lib/nss_winbind.so.1 /usr/lib/nss_winbind.so.2 
> That's really ugly and shouldn't be needed on ANY distro. And it seems 
> you're looking for troubles (.1 and .2 IIRC have different ABI).
> 
>> Now all my users and groups are visible with pw or getent!
>> rid backend would give predictable sid <-> uid/gid mapping, with this
>> solution mapping changes every time server is joined to AD domain. But I
>> failed setting it up - it seems idmap_rid does not map anything...
>> 
>> If someone may help with better solution I will be grateful.
> In my config I map users in two domains to different UID/GID values with 
> the following config:
>          winbind uid = 100000-100000000
>          winbind gid = 100000-100000000
> 
>          idmap config DOM1:backend = rid
>          idmap config DOM1:base_rid  = 500
>          idmap config DOM1:range = 100000 - 49999999
>          idmap config DOM2:backend = rid
>          idmap config DOM2:base_rid  = 500
>          idmap config DOM2:range = 50000000 - 99999999
> 
> Maybe you need just:
>          winbind uid = 100000-100000000
>          winbind gid = 100000-100000000
>          idmap config backend = rid
> 
> And be sure to "testparm -v" any changes to smb.conf
> 
> -- 
> Diego Zuccato
> Servizi Informatici
> Dip. di Astronomia - Università di Bologna
> Via Ranzani, 1 - 40126 Bologna - Italy
> tel.: +39 051 20 95786
> mail: diego.zuccato at unibo.it
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 

-- 
View this message in context: http://old.nabble.com/FreeBSD-7.2-domain-member-problem-tp26204285p26476164.html
Sent from the Samba - General mailing list archive at Nabble.com.

More information about the samba mailing list