[Samba] Winbind 3.5.4 and SFU
Ryan Whelan
ryan.whelan at tbamerica.com
Thu Aug 12 15:24:11 MDT 2010
We have Windows 2008R2 domain controllers running 2003 functional level with
SFU (i think thats what its called, im not the windows admin :p ) . With
Winbind 3.0.33 (on Redhat 5.5) I can get the UIDs/GIDs from AD without issue
using:
idmap config DOMAIN:backend = ad
idmap config DOMAIN:default = yes
idmap config DOMAIN:schema_mode = rfc2307
idmap config DOMAIN:range = 10000 - 30000
winbind nss info = rfc2307
However, with winbind/samba 3.3 and 3.5 (i've tried both) i just can't get
the NSS info to be retrieved. With above config, it doesn't work. i've
tried the idmap adex plugin and i get the same results. The current config
is lifted right from the idmap_adex man page:
idmap backend = adex
idmap uid = 10000-30000
idmap gid = 10000-30000
winbind nss info = adex
winbind normalize names = yes
# winbind nss info = rfc2307
# winbind nss info = sfu
(neither of these work)
With this config, i can get all the user names and SIDs from AD. `wbinfo -u`
will print all the domain user names, and `wbinfo -n administrator` will
return the SID. However, `wbinfo -i administrator` returns "Could not get
info for user administrator" as does `id administrator` (i have 'default
domain' set to 'true')
Everything works if i let samba assign UIDs.
What am i missing? It doesn't look like there is much info on the adex
plugin. i can't find much other than the usage in the man page.
I'm not sure what all info would be helpful to include as im not sure im
even trying the right config/plugins. If i missed the how-to on this,
please point me in the correct direction.
Thanks!
More information about the samba
mailing list