[Samba] getent acting unreliable with idmap_ad
Nico De Ranter
nico at sonycom.com
Mon Aug 2 00:41:46 MDT 2010
Thanks for your reply.
On Fri, 2010-07-30 at 17:45 +0200, Robert Grasso wrote:
> I personally solved my stability issues when, rather than letting Samba find the AD servers automatically, I stated them clearly:
> - I stated clearly my "password server =" in smb.conf
I already list my servers in "password server =", although I do have the
impression that Samba may have problems with my 2008R2 servers. I'll try
playing with the settings.
> - I stated clearly my /etc/krb5.conf
Do you mean fill in /etc/krb5.conf properly or should I refer to it
somewhere in the smb.conf file? I'm sure my krb5.conf is correct as I
was using it in my old setup using kerberos+ldap authentication. I
found some reference on the Internet to an smb.conf variable "use
kerberos keytab = yes" however this doesn't seem to be accepted for
> I am running on CentOS 5.5, samba 3.0.33.
> Apart from that: I have installed SFU on my Windows 2003 AD servers; to me, it seems that getent passwd <username> yields a result
> for the accounts which have a Unix account declared in AD through the "Unix attributes", and only for these ones (?).
I think that's expected behaviour. idmap_ad looks up uid/gid from AD
but doesn't create its own mapping if it doesn't find one. So any user
that doesn't have a proper unix uid/gid field won't show up. I also
noticed idmap_ad looks at the Windows Primary Group as gid instead of
the group field on the unix tab. Therefore the Windows Primary Group also
needs to have a valid unix id assigned.
With kind regards
Nico De Ranter
Senior System Administrator
Technology and Software Centre Europe
The Corporate Village - Da Vincilaan 7-D1 - B-1935 Zaventem - Belgium
Phone: +32 (0)2 700 8641
Fax: +32 (0)2 700 8622
E-mail: nico.deranter at eu.sony.com
A division of Sony Europe (Belgium) N.V.
VAT BE 0413.825.160 - RPR Brussels
Fortis - BIC GEBABEBB - IBAN BE41293037680010
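
An added example, not part of the message above or of Samba: a small Python audit that applies the behaviour described in the message (a user needs a unix uid, and the Windows Primary Group needs a unix gid) to directory entries. The entries, the SID and the function names are constructed for illustration; the attribute names assume the RFC 2307 schema, with the SFU names passed as parameters where that schema is in use.

```python
# Added example: sample entries are constructed, not taken from a real directory.
# Attribute names assume the RFC 2307 schema; SFU schemas use msSFU30UidNumber /
# msSFU30GidNumber instead (pass them via uid_attr / gid_attr).

def rid(sid):
    """Return the last sub-authority (RID) of a textual SID."""
    return int(sid.rsplit("-", 1)[1])

def audit_unix_attrs(users, groups, uid_attr="uidNumber", gid_attr="gidNumber"):
    """Map each sAMAccountName to a list of problems ([] means none found)."""
    # primaryGroupID on a user holds the RID of the primary group's objectSid.
    groups_by_rid = {rid(g["objectSid"]): g for g in groups}
    report = {}
    for u in users:
        problems = []
        if not str(u.get(uid_attr, "")).isdigit():
            problems.append("user has no %s" % uid_attr)
        primary = groups_by_rid.get(int(u["primaryGroupID"]))
        if primary is None:
            problems.append("primary group RID %s not found" % u["primaryGroupID"])
        elif not str(primary.get(gid_attr, "")).isdigit():
            problems.append("primary group '%s' has no %s" % (primary["cn"], gid_attr))
        report[u["sAMAccountName"]] = problems
    return report

DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed
GROUPS = [
    {"cn": "Domain Users", "objectSid": DOMAIN_SID + "-513"},  # no unix gid set
    {"cn": "unixusers", "objectSid": DOMAIN_SID + "-1105", "gidNumber": "10000"},
]
USERS = [
    {"sAMAccountName": "alice", "uidNumber": "10001", "primaryGroupID": "1105"},
    # bob has a unix uid, but his primary group has no unix gid
    {"sAMAccountName": "bob", "uidNumber": "10002", "primaryGroupID": "513"},
    {"sAMAccountName": "carol", "primaryGroupID": "1105"},
]

if __name__ == "__main__":
    for name, problems in audit_unix_attrs(USERS, GROUPS).items():
        print(name, "OK" if not problems else "; ".join(problems))
```

Accounts reported with a problem are the ones to compare against what `getent passwd <username>` returns on the member server.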