[Samba] idmap trouble
gregorcy
brian.gregorcy at utah.edu
Wed Nov 10 12:57:35 MST 2010
Hi,
I am hoping someone can point out what I am doing wrong. I am upgrading Samba from 3.0.37 to 3.5.6 and running into
trouble with idmapping using ADS security. I have multiple Linux boxes running 3.0.37, and when I execute getent passwd
I get:
# getent passwd DOMAIN+gregorcy
gregorcy:*:2933:1013:Brian Gregorcy:/home/DOMAIN/gregorcy:/bin/bash
on all the boxes running 3.0.37.
On my new box running 3.5.6 I get:
# getent passwd DOMAIN+gregorcy
gregorcy:*:502:506::/home/DOMAIN/gregorcy:/bin/bash
Which is not what I had hoped for. Both machines are joined to my domain and allow me to ssh into them using my AD
cred; just the uid & gid are not lining up.
My 3.0.37 smb.conf
> [global]
> workgroup = DOMAIN
> netbios name = harley
> realm = DOMAIN.UTAH.EDU
> server string = harley
> security = ADS
> preferred master = no
> client use spnego = yes
> server signing = auto
> encrypt passwords = yes
> nt acl support = yes
> acl map full control = yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> template shell = /bin/false
> password server = *
> log level = 3
> log file = /var/log/samba/%m
> max log size = 100
> preferred master = No
> dns proxy = No
> wins server = 192.168.1.100 192.168.1.101
> winbind cache time = 0
> winbind nested groups = yes
> allow trusted domains = No
> idmap backend = rid:KPAK=500-100000000
> idmap uid = 500-100000000
> idmap gid = 500-100000000
> template shell = /bin/bash
> winbind use default domain = Yes
> winbind separator = +
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = yes
> obey pam restrictions = yes
My 3.5.6 smb.conf
> [global]
> workgroup = DOMAIN
> netbios name = vwww3
> realm = DOMAIN.UTAH.EDU
> server string = web3
> security = ADS
> preferred master = no
> client use spnego = yes
> server signing = auto
> encrypt passwords = yes
> nt acl support = yes
> acl map full control = yes
> wide links = no
> password server = *
> log level = 3
> log file = /var/log/samba/%m
> max log size = 100
> wins server = 192.168.1.100 192.168.1.101
> winbind offline logon = yes
> idmap domains = default, domain.utah.edu
> idmap config default: default = yes
> idmap config domain.utah.edu: range = 500-100000000
> idmap config domain.utah.edu: backend = ad
> idmap alloc backend = tdb
> idmap uid = 500-100000000
> idmap gid = 500-100000000
> winbind separator = +
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> winbind refresh tickets = yes
> winbind nested groups = yes
> client ntlmv2 auth = yes
> encrypt passwords = yes
> template shell = /bin/bash
> allow trusted domains = yes
Thanks for any help,
Brian Gregorcy
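
To see exactly which id-mapping parameters changed between the two configurations quoted above, the [global] sections can be parsed and diffed. This is an added example, not part of the original post and not Samba code; the function names and the parameter prefixes chosen for filtering are assumptions, and the embedded excerpts are constructed from the lines in the post.

```python
import re

# Constructed excerpts: the id-mapping lines of the two smb.conf files in the post.
OLD_CONF = """> [global]
> workgroup = DOMAIN
> idmap backend = rid:KPAK=500-100000000
> idmap uid = 500-100000000
> idmap gid = 500-100000000
> allow trusted domains = No
"""
NEW_CONF = """> [global]
> workgroup = DOMAIN
> idmap domains = default, domain.utah.edu
> idmap config default: default = yes
> idmap config domain.utah.edu: range = 500-100000000
> idmap config domain.utah.edu: backend = ad
> idmap alloc backend = tdb
> idmap uid = 500-100000000
> idmap gid = 500-100000000
> allow trusted domains = yes
"""

def parse_global(text):
    """Return {parameter: value} for [global]; names lowercased, last one wins."""
    params, section = {}, None
    for raw in text.splitlines():
        line = re.sub(r"^\s*>\s?", "", raw).strip()  # drop a mail quote marker
        if not line or line[0] in "#;":              # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)          # values may contain '='
            params[" ".join(key.lower().split())] = value.strip()
    return params

def idmap_diff(old_text, new_text, prefixes=("idmap", "allow trusted")):
    """Return {parameter: (old, new)} for mapping-related settings that differ."""
    old, new = parse_global(old_text), parse_global(new_text)
    keys = {k for k in old.keys() | new.keys() if k.startswith(prefixes)}
    return {k: (old.get(k), new.get(k)) for k in sorted(keys)
            if (old.get(k) or "").lower() != (new.get(k) or "").lower()}

if __name__ == "__main__":
    for key, (old, new) in idmap_diff(OLD_CONF, NEW_CONF).items():
        print(f"{key}: {old!r} -> {new!r}")
```

A value of None on one side means the parameter is absent from that file's [global] section.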