[Samba] issue with mapping BUILTIN on ADS member server
Mark Casey
markc at unifiedgroup.com
Mon Feb 15 09:37:46 MST 2010
On 2/11/2010 2:53 PM, Mark Casey wrote:
> Hello list,
>
> Quick summary of the issue (repeated below after the details): Running
> 'wbinfo --user-info=markc' on either smb ads member server will return
> identical info. Running 'wbinfo --group-info=BUILTIN\\Users' returns
> different information on each server. I'd like to make mappings for
> BUILTIN consistent in case I ever use them.
>
> Background and details:
> (original message truncated)
>
> Thank you,
> Mark Casey
Anyone have any ideas? Here is the progress I've made on the
aforementioned test box's config. BUILTIN items are mapping, but they
still seem to be going to tdb instead of ldap.
[global]
server string = Dallas File Server
workgroup = UNIFIEDGROUP
realm = UNIFIEDGROUP.COM
security = ADS
# password server = *
password server = dal-dc1.unifiedgroup.com
#password server = dal-dc1.unifiedgroup.com, den-dc1.unifiedgroup.com
# client schannel = Yes
# server schannel = Yes
username map = /etc/samba/smbusers
obey pam restrictions = Yes
enable privileges = Yes
map to guest = Bad User
# restrict anonymous = 2
allow trusted domains = No
# lanman auth = No
# ntlm auth = No
# client NTLMv2 auth = Yes
log level = 2
syslog = 0
# min protocol = NT1
# client signing = Yes
# server signing = Yes
load printers = No
preferred master = No
local master = No
domain master = No
dns proxy = No
ldap ssl = no
host msdfs = No
idmap domains = BUILTIN UNIFIEDGROUP
idmap alloc backend = ldap
template shell = /bin/false
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = No
winbind refresh tickets = Yes
idmap alloc config:range = 100000 - 500000
idmap alloc config:ldap_url = ldap://dal-dc1.unifiedgroup.com
idmap alloc config:ldap_user_dn = cn=idmapmgr,cn=users,dc=unifiedgroup,dc=com
idmap alloc config:ldap_base_dn = ou=idmap,dc=sambaidmap1,dc=unifiedgroup,dc=com
idmap config BUILTIN:range = 100000 - 500000
idmap config BUILTIN:ldap_url = ldap://dal-dc1.unifiedgroup.com
idmap config BUILTIN:ldap_user_dn = cn=idmapmgr,cn=users,dc=unifiedgroup,dc=com
idmap config BUILTIN:ldap_base_dn = ou=idmap,dc=sambaidmap1,dc=unifiedgroup,dc=com
idmap config BUILTIN:backend = ldap
idmap config UNIFIEDGROUP:range = 100000 - 500000
idmap config UNIFIEDGROUP:ldap_url = ldap://dal-dc1.unifiedgroup.com
idmap config UNIFIEDGROUP:ldap_user_dn = cn=idmapmgr,cn=users,dc=unifiedgroup,dc=com
idmap config UNIFIEDGROUP:ldap_base_dn = ou=idmap,dc=sambaidmap1,dc=unifiedgroup,dc=com
idmap config UNIFIEDGROUP:backend = ldap
idmap config UNIFIEDGROUP:default = yes
hosts allow = (redacted)
map acl inherit = No
hide special files = Yes
map archive = No
map readonly = No
map system = No
map hidden = No
force create mode = 707
force directory mode = 707
ea support = No
store dos attributes = No
wide links = No
follow symlinks = No
dos filemode = No
add share command=/etc/samba/command_cust.pl
delete share command=/etc/samba/command_cust.pl
change share command=/etc/samba/command_cust.pl
Thanks in advance for any insight you may have,
Mark Casey
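
Added example (not part of the original post and not Samba project code): a Python check for the inconsistency described in the quoted summary, comparing `wbinfo --group-info` output captured on two member servers. The sample output and GID values are constructed, and the name:passwd:gid[:members] line format is assumed.

```python
"""Compare `wbinfo --group-info` results captured on two member servers."""

# Constructed sample captures (not from the original post). Assumed format is
# the group(5)-style line: name:passwd:gid[:members]
SERVER_A = r"""
BUILTIN\administrators:x:100000:
BUILTIN\users:x:100001:
BUILTIN\guests:x:100002:
UNIFIEDGROUP\domain users:x:100513:UNIFIEDGROUP\markc
"""
SERVER_B = r"""
BUILTIN\administrators:x:100000:
BUILTIN\users:x:100002:
BUILTIN\guests:x:100001:
BUILTIN\print operators:x:100003:
UNIFIEDGROUP\domain users:x:100513:UNIFIEDGROUP\markc
"""


def parse_group_info(text):
    """Return {lowercased group name: gid} from captured wbinfo lines."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # skip blank lines and anything that is not a group line
        groups[fields[0].lower()] = int(fields[2])
    return groups


def compare(a_text, b_text):
    """Return (mismatched, only_a, only_b) for the two servers' mappings."""
    a, b = parse_group_info(a_text), parse_group_info(b_text)
    mismatched = {n: (a[n], b[n]) for n in a.keys() & b.keys() if a[n] != b[n]}
    return mismatched, sorted(a.keys() - b.keys()), sorted(b.keys() - a.keys())


def gid_collisions(a_text, b_text):
    """GIDs that resolve to a different group on each server, i.e. numeric
    ownership or ACL entries would name another group after a file copy."""
    a, b = parse_group_info(a_text), parse_group_info(b_text)
    by_gid_b = {gid: name for name, gid in b.items()}
    return {gid: (name, by_gid_b[gid]) for name, gid in a.items()
            if gid in by_gid_b and by_gid_b[gid] != name}


if __name__ == "__main__":
    mismatched, only_a, only_b = compare(SERVER_A, SERVER_B)
    for name, (gid_a, gid_b) in sorted(mismatched.items()):
        print(f"MISMATCH {name}: server A gid {gid_a}, server B gid {gid_b}")
    for gid, (name_a, name_b) in sorted(gid_collisions(SERVER_A, SERVER_B).items()):
        print(f"COLLISION gid {gid}: {name_a} on A, {name_b} on B")
```
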