[Samba] Samba 3.5.5. id-map issues with Active Directory
Haven
haven at thehavennet.org.uk
Tue Sep 28 05:18:15 MDT 2010
Hi,
I'm running Debian Squeeze on a few machines that are all
authenticating to a pair of Windows 2008 servers. After upgrading to
samba 3.5.5 from 3.4.8 idmap has stopped resolving which is
preventing user authentication on these boxes. The boxes that have
been left at 3.4.8 continue to work fine.
On the 3.5.5 boxes wbinfo and net ads show lists of users and groups
without issue yet id is not able to map uid's any more.
nsswitch.conf is using:
> passwd: files winbind
> group: files winbind
> shadow: files winbind
I can successfully connect the affected servers to the AD domain
using net ads join and the keytab also generates fine.
I have included my smb.conf below and will happily provide any
details that will help.
Many thanks for your time.
Regards
Simon
> [global]
>
> # Debuging domain auth issues:
> debug level = 10
>
> workgroup = DOMAIN
> security = ads
> kerberos method = system keytab
> winbind use default domain = true
> realm = DOMAIN.NET
>
> disable netbios = yes
> name resolve order = host lmhosts
> hosts allow = 127.0.0.1 192.168.1.0/24 93.97.246.119
> hosts deny = 0.0.0.0/0
>
> password server = 192.168.1.2, 192.168.1.3, *
>
> idmap config DOMAIN:default = yes
> idmap config DOMAIN:schema_mode = rfc2307
> idmap config DOMAIN:backend = ad
> idmap config DOMAIN:range = 10000-20000
>
> idmap backend = ad
> winbind offline logon = yes
> winbind nested groups = yes
> winbind separator = +
> winbind cache time = 3600
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind nested groups = Yes
> winbind nss info = rfc2307
>
> template homedir = /home/%U
> template shell = /bin/bash
> client ntlmv2 auth = yes
> encrypt passwords = true
>
> local master = no
> domain master = no
> preferred master = no
> dns proxy = no
>
> server string = Samba Server Version %v
>
> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
> SO_RCVBUF=8192 SO_SNDBUF=8192
>
> # Fix character set issues:
> #
> http://www.unixresources.net/linux/lf/59/archive/00/00/13/18/131896.html
> dos charset = 850
> unix charset = UTF-8
More information about the samba
mailing list