[Samba] issue with mapping BUILTIN on ADS member server

Mark Casey markc at unifiedgroup.com
Mon Feb 15 09:37:46 MST 2010


On 2/11/2010 2:53 PM, Mark Casey wrote:
> Hello list,
>
> Quick summary of the issue (repeated below after the details): Running 
> 'wbinfo --user-info=markc' on either smb ads member server will return 
> identical info. Running 'wbinfo --group-info=BUILTIN\\Users' returns 
> different information on each server. I'd like to make mappings for 
> BUILTIN consistent in case I ever use them.
>
> Background and details:
> (original message truncated)
>
> Thank you,
> Mark Casey


Does anyone have any ideas? Here is the progress I've made on the 
aforementioned test box's config. BUILTIN entries are now being mapped, but 
the mappings still seem to be stored in tdb instead of LDAP.

# smb.conf [global] section of an Active Directory member server
# (security = ADS), as pasted into the mail.
# The mail client wrapped long lines: a value sitting alone at column 0
# (e.g. "cn=idmapmgr,..." or "den-dc1...") belongs to the key or comment on
# the line above and must be rejoined before this text is used as a config.
[global]
         server string = Dallas File Server
         workgroup = UNIFIEDGROUP
         realm = UNIFIEDGROUP.COM
         security = ADS
# Authentication is pinned to a single DC; the wildcard and two-DC variants
# are commented out.
#       password server = *
         password server = dal-dc1.unifiedgroup.com
         #password server = dal-dc1.unifiedgroup.com, 
den-dc1.unifiedgroup.com
# The schannel, restrict anonymous, lanman/ntlm auth, NTLMv2, min protocol and
# signing lines in this section are all commented out, so the built-in
# defaults of the installed Samba release apply; `testparm -v` prints the
# effective values.
#       client schannel = Yes
#       server schannel = Yes
# Maps client-supplied user names to local ones; the map file should be
# writable by root only.
         username map = /etc/samba/smbusers
         obey pam restrictions = Yes
         enable privileges = Yes
# Logins with an unknown user name are mapped to the guest account instead of
# being rejected. No share definitions are shown here, so whether guest access
# is actually granted anywhere cannot be judged from this excerpt.
         map to guest = Bad User
#       restrict anonymous = 2
         allow trusted domains = No
#       lanman auth = No
#       ntlm auth = No
#       client NTLMv2 auth = Yes
         log level = 2
         syslog = 0
#       min protocol = NT1
#       client signing = Yes
#       server signing = Yes
         load printers = No
         preferred master = No
         local master = No
         domain master = No
         dns proxy = No
# NOTE(review): with ldap ssl = no and the ldap:// URLs below, the idmap LDAP
# traffic (including the bind as ldap_user_dn) is presumably sent without TLS.
# Confirm, and consider `ldap ssl = start tls` if the directory supports it.
         ldap ssl = no
         host msdfs = No
# ID mapping: the allocator and both listed domains (BUILTIN, UNIFIEDGROUP)
# use the ldap backend with the same ldap_url, bind DN, base DN and range.
# NOTE(review): whether the alloc and per-domain ranges may be identical
# depends on the Samba release - check idmap_ldap(8) for the installed version.
         idmap domains = BUILTIN UNIFIEDGROUP
         idmap alloc backend = ldap
         template shell = /bin/false
         winbind enum users = Yes
         winbind enum groups = Yes
         winbind use default domain = No
         winbind refresh tickets = Yes
         idmap alloc config:range = 100000 - 500000
         idmap alloc config:ldap_url = ldap://dal-dc1.unifiedgroup.com
         idmap alloc config:ldap_user_dn = 
cn=idmapmgr,cn=users,dc=unifiedgroup,dc=com
         idmap alloc config:ldap_base_dn = 
ou=idmap,dc=sambaidmap1,dc=unifiedgroup,dc=com

         idmap config BUILTIN:range = 100000 - 500000
         idmap config BUILTIN:ldap_url = ldap://dal-dc1.unifiedgroup.com
         idmap config BUILTIN:ldap_user_dn = 
cn=idmapmgr,cn=users,dc=unifiedgroup,dc=com
         idmap config BUILTIN:ldap_base_dn = 
ou=idmap,dc=sambaidmap1,dc=unifiedgroup,dc=com
         idmap config BUILTIN:backend = ldap

         idmap config UNIFIEDGROUP:range = 100000 - 500000
         idmap config UNIFIEDGROUP:ldap_url = 
ldap://dal-dc1.unifiedgroup.com
         idmap config UNIFIEDGROUP:ldap_user_dn = 
cn=idmapmgr,cn=users,dc=unifiedgroup,dc=com
         idmap config UNIFIEDGROUP:ldap_base_dn = 
ou=idmap,dc=sambaidmap1,dc=unifiedgroup,dc=com
         idmap config UNIFIEDGROUP:backend = ldap
         idmap config UNIFIEDGROUP:default = yes
# Value redacted by the poster.
         hosts allow = (redacted)
         map acl inherit = No
         hide special files = Yes
         map archive = No
         map readonly = No
         map system = No
         map hidden = No
# The force modes are OR-ed onto everything created through the server. 707
# sets rwx for the owner and rwx for "other", so new files and directories are
# world-writable (and files executable) for every local account. Set in
# [global], this is the default for all shares.
         force create mode = 707
         force directory mode = 707
         ea support = No
         store dos attributes = No
# Symlinks are neither followed nor allowed to point outside a share.
         wide links = No
         follow symlinks = No
         dos filemode = No
# One script handles add, delete and change share requests made over RPC. It
# is started by smbd and receives client-supplied values (share name, path,
# comment), so it should validate its arguments and be owned and writable by
# root only.
         add share command=/etc/samba/command_cust.pl
         delete share command=/etc/samba/command_cust.pl
         change share command=/etc/samba/command_cust.pl

Thanks in advance for any insight you may have,
Mark Casey


