[Samba] getent acting unreliable with idmap_ad

[Nico De Ranter]

Hi Robert,

thanks for your reply.


On Fri, 2010-07-30 at 17:45 +0200, Robert Grasso wrote:
> Hello,
> 
> I personally solved my stability issues when, rather than letting Samba find automatically the AD servers, I stated them clearly : 
> 
> - I stated clearly my "password server =" in smb.conf

I already list my servers in "password server =", altough I do have the
impression that Samba may have problems with my 2008R2 servers. I'll try
playing with the settings.

> - I stated clearly my /etc/krb5.conf

Do you mean fill in /etc/krb5.conf properly or should I refer to it
somewhere in the smb.conf file?  I'm sure my krb5.conf is correct is I
was using it in my old setup using kerberos+ldap authentication.  I
found some reference on the Internet to an smb.conf variable "use
kerberos keytab = yes" however this doesn't seem to be accepted for
Samba 3.4.7


> I am running on CentOS 5.5, samba 3.0.33.
> 
> Apart from that : I have installed SFU on my Windows 2003 AD servers; to me, it seems that getent passwd <username> yields a result
> for the accounts which have an Unix account declared in AD through the "Unix attributes", and only for these ones (?).

I think that's expected behaviour. idmap_ad looks upo uid/gid from AD
but doesn't create its own mapping if it doesn't find one. So any user
that doesn't have a proper unix uid/gid field won't show up.  I also
noticed idmap_ad looks at the Windows Primary Group as gid in stead of
the group field on the unix tab. Therefor the Windows Primary Group also
needs to have a valid unix id assigned.

Nico




-- 
With kind regards

Nico De Ranter
Senior System Administrator
Techsoft Centre

Technology and Software Centre Europe
The Corporate Village - Da Vincilaan 7-D1 - B-1935 Zaventem - Belgium

Phone:    +32 (0)2 700 8641
Fax:          +32 (0)2 700 8622
E-mail:    nico.deranter at eu.sony.com

A division of Sony Europe (Belgium) N.V.
VAT BE 0413.825.160 - RPR Brussels
Fortis - BIC GEBABEBB - IBAN BE41293037680010