[Samba] Samba 3.5.5. id-map issues with Active Directory

Haven haven at thehavennet.org.uk
Tue Sep 28 05:18:15 MDT 2010


  Hi,

I'm running Debian Squeeze on a few machines that are all 
authenticating to a pair of Windows 2008 servers. After upgrading to 
samba 3.5.5 from 3.4.8 idmap has stopped resolving which is 
preventing user authentication on these boxes. The boxes that have 
been left at 3.4.8 continue to work fine.

On the 3.5.5 boxes wbinfo and net ads show lists of users and groups 
without issue yet id is not able to map uid's any more.

nsswitch.conf is using:
> passwd:     files winbind
> group:      files winbind
> shadow:     files winbind

I can successfully connect the affected servers to the AD domain 
using net ads join and the keytab also generates fine.

I have included my smb.conf below and will happily provide any 
details that will help.

Many thanks for your time.

Regards

Simon

> [global]
>
> # Debuging domain auth issues:
> debug level = 10
>
> workgroup = DOMAIN
> security = ads
> kerberos method = system keytab
> winbind use default domain = true
> realm = DOMAIN.NET
>
> disable netbios = yes
> name resolve order = host lmhosts
> hosts allow = 127.0.0.1 192.168.1.0/24 93.97.246.119
> hosts deny = 0.0.0.0/0
>
> password server = 192.168.1.2, 192.168.1.3, *
>
> idmap config DOMAIN:default = yes
> idmap config DOMAIN:schema_mode = rfc2307
> idmap config DOMAIN:backend = ad
> idmap config DOMAIN:range = 10000-20000
>
> idmap backend = ad
> winbind offline logon = yes
> winbind nested groups = yes
> winbind separator = +
> winbind cache time = 3600
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind nested groups = Yes
> winbind nss info = rfc2307
>
> template homedir = /home/%U
> template shell = /bin/bash
> client ntlmv2 auth = yes
> encrypt passwords = true
>
> local master = no
> domain master = no
> preferred master = no
> dns proxy = no
>
> server string = Samba Server Version %v
>
> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE 
> SO_RCVBUF=8192 SO_SNDBUF=8192
>
> # Fix character set issues:
> # 
> http://www.unixresources.net/linux/lf/59/archive/00/00/13/18/131896.html
> dos charset = 850
> unix charset = UTF-8



More information about the samba mailing list