[Samba] AD Integration woes - rfc2307 data not being honored
Matthew J. Salerno
vagabond_king at yahoo.com
Fri Oct 9 09:25:55 MDT 2009
Red Hat Enterprise Linux Server release 5.2 (Tikanga) - x86_64
Samba - 3.0.28-0.el5.8
Objective: To have samba authenticate against AD and utilize the values set for the AD rfc2307 schema.
Problem: Values stored in AD are not being used.
The samba server has successfully joined the AD, but when I do a getent passwd | grep <user> to check the uid, none of the values returned match what is stored in AD. The UidNumber for my account in AD is 20045, but I keep getting 1000195. I'm not so worried about the unixHomeDirectory or loginShell; it would be nice to get them, but the UID is a must.
TESTDOMAIN+username:*:1000195:1000000:User Info:/home/TESTDOMAIN/username:/bin/bash
Every time I make any changes to the config, I always clean up and rejoin the domain:
rm -f /var/log/samba/*.tdb && rm -f /etc/samba/*tdb && rm -f /var/cache/samba/* && rm -f /var/log/samba/*
service smb restart && service winbind restart
Any help would be greatly appreciated.
Here is my smb.conf
[global]
workgroup = TESTDOMAIN
realm = TESTDOMAIN.NET
server string = Samba file and print server
security = ADS
log level = 3
log file = /var/log/samba/%m
max log size = 200
printcap name = cups
preferred master = No
idmap backend = tdb
idmap cache time = 1800
idmap uid = 1000000-1999999
idmap gid = 1000000-1999999
template shell = /bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind nss info = rfc2307, template
winbind refresh tickets = Yes
idmap config TESTDOMAIN:cache time = 1800
idmap config TESTDOMAIN:range = 1000-999999
idmap config TESTDOMAIN:backend = ad
idmap config TESTDOMAIN:schema_mode = rfc2307
[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
[printers]
comment = All Printers
guest ok = Yes
printable = Yes
browseable = No
available = No
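
An added example, not part of the original post: a small Python check that reads the idmap settings from an smb.conf and reports which configured UID range, and therefore which backend, a given UID falls into. The embedded config is a constructed excerpt of the file above; the function names and the "global default" label are assumptions made for illustration.

```python
import re

# Constructed sample: idmap-related lines excerpted from the smb.conf in the post.
SMB_CONF = """\
[global]
idmap backend = tdb
idmap uid = 1000000-1999999
idmap config TESTDOMAIN:range = 1000-999999
idmap config TESTDOMAIN:backend = ad
idmap config TESTDOMAIN:schema_mode = rfc2307
[homes]
valid users = %S
"""

LEGACY = {"idmap backend": "backend", "idmap uid": "range"}  # global keys

def parse_idmap(conf_text):
    """Return {scope: {'backend': str, 'range': (lo, hi)}} from [global]."""
    scopes, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            section = line.strip("[]").lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        m = re.fullmatch(r"idmap config\s+(\S+?)\s*:\s*(\S.*)", key, re.I)
        if m:  # per-domain form: idmap config DOMAIN:option
            scope, opt = m.group(1).upper(), m.group(2).lower()
        elif key.lower() in LEGACY:  # global form: idmap backend / idmap uid
            scope, opt = "global default", LEGACY[key.lower()]
        else:
            continue
        if opt == "range":
            lo, hi = value.split("-")
            value = (int(lo), int(hi))
        if opt in ("backend", "range"):
            scopes.setdefault(scope, {})[opt] = value
    return scopes

def owning_scopes(scopes, uid):
    """Names of every configured scope whose UID range contains uid."""
    return [name for name, cfg in scopes.items()
            if "range" in cfg and cfg["range"][0] <= uid <= cfg["range"][1]]

def report(conf_text, uids):
    """Map each UID to the (scope, backend) pairs whose range covers it."""
    scopes = parse_idmap(conf_text)
    return {uid: [(n, scopes[n].get("backend", "?"))
                  for n in owning_scopes(scopes, uid)] for uid in uids}
```

For the values in the post, 20045 (the uidNumber stored in AD) lies in the TESTDOMAIN range configured with the ad backend, while 1000195 (what getent returned) lies in the global idmap uid range configured with the tdb backend.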