[Samba] Winbind 3.5.4 and SFU

Ryan Whelan ryan.whelan at tbamerica.com
Thu Aug 12 15:24:11 MDT 2010

We have Windows 2008R2 domain controllers running 2003 functional level with
SFU (i think thats what its called, im not the windows admin :p ) .  With
Winbind 3.0.33 (on Redhat 5.5) I can get the UIDs/GIDs from AD without issue

   idmap config DOMAIN:backend = ad
   idmap config DOMAIN:default = yes
   idmap config DOMAIN:schema_mode = rfc2307
   idmap config DOMAIN:range = 10000 - 30000
   winbind nss info = rfc2307

However, with winbind/samba 3.3 and 3.5 (i've tried both) i just can't get
the NSS info to be retrieved.  With above config, it doesn't work. i've
tried the idmap adex plugin and i get the same results.  The current config
is lifted right from the idmap_adex man page:

   idmap backend = adex
   idmap uid = 10000-30000
   idmap gid = 10000-30000
   winbind nss info = adex
   winbind normalize names = yes

# winbind nss info = rfc2307
# winbind nss info = sfu
 (neither of these work)

With this config, i can get all the user names and SIDs from AD. `wbinfo -u`
will print all the domain user names, and `wbinfo -n administrator` will
return the SID.  However, `wbinfo -i administrator` returns "Could not get
info for user administrator" as does `id administrator` (i have 'default
domain' set to 'true')

Everything works if i let samba assign UIDs.

What am i missing? It doesn't look like there is much info on the adex
plugin. i can't find much other than the usage in the man page.

I'm not sure what all info would be helpful to include as im not sure im
even trying the right config/plugins.  If i missed the how-to on this,
please point me in the correct direction.


More information about the samba mailing list