[Samba] Samba 3.5.5. id-map issues with Active Directory
Haven
haven at thehavennet.org.uk
Thu Sep 30 07:42:47 MDT 2010
To fix this issue on Debian I have rolled back to 3.4.8 using the
following cached deb files:
> libwbclient0_2%3a3.4.8~dfsg-2_amd64.deb
> samba-common_2%3a3.4.8~dfsg-2_all.deb
> smbclient_2%3a3.4.8~dfsg-2_amd64.deb
> samba_2%3a3.4.8~dfsg-2_amd64.deb
> samba-common-bin_2%3a3.4.8~dfsg-2_amd64.deb
> winbind_2%3a3.4.8~dfsg-2_amd64.deb
This has fixed the issue but I'm no closer to discovering what
exactly is broken which is very unsatisfying.
To be sure that its not just a Debian issue I recompiled from source
on Debian and also tested on Gentoo (using 3.5.5) with the same results.
Is anyone aware of any changes in 3.5.5 that would cause this using
my config from the original post ?
Regards
Simon
On 09/28/10 12:18, Haven wrote:
> Hi,
>
> I'm running Debian Squeeze on a few machines that are all
> authenticating to a pair of Windows 2008 servers. After upgrading
> to samba 3.5.5 from 3.4.8 idmap has stopped resolving which is
> preventing user authentication on these boxes. The boxes that have
> been left at 3.4.8 continue to work fine.
>
> On the 3.5.5 boxes wbinfo and net ads show lists of users and
> groups without issue yet id is not able to map uid's any more.
>
> nsswitch.conf is using:
>> passwd: files winbind
>> group: files winbind
>> shadow: files winbind
>
> I can successfully connect the affected servers to the AD domain
> using net ads join and the keytab also generates fine.
>
> I have included my smb.conf below and will happily provide any
> details that will help.
>
> Many thanks for your time.
>
> Regards
>
> Simon
>
>> [global]
>>
>> # Debuging domain auth issues:
>> debug level = 10
>>
>> workgroup = DOMAIN
>> security = ads
>> kerberos method = system keytab
>> winbind use default domain = true
>> realm = DOMAIN.NET
>>
>> disable netbios = yes
>> name resolve order = host lmhosts
>> hosts allow = 127.0.0.1 192.168.1.0/24 93.97.246.119
>> hosts deny = 0.0.0.0/0
>>
>> password server = 192.168.1.2, 192.168.1.3, *
>>
>> idmap config DOMAIN:default = yes
>> idmap config DOMAIN:schema_mode = rfc2307
>> idmap config DOMAIN:backend = ad
>> idmap config DOMAIN:range = 10000-20000
>>
>> idmap backend = ad
>> winbind offline logon = yes
>> winbind nested groups = yes
>> winbind separator = +
>> winbind cache time = 3600
>> winbind enum users = Yes
>> winbind enum groups = Yes
>> winbind nested groups = Yes
>> winbind nss info = rfc2307
>>
>> template homedir = /home/%U
>> template shell = /bin/bash
>> client ntlmv2 auth = yes
>> encrypt passwords = true
>>
>> local master = no
>> domain master = no
>> preferred master = no
>> dns proxy = no
>>
>> server string = Samba Server Version %v
>>
>> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
>> SO_RCVBUF=8192 SO_SNDBUF=8192
>>
>> # Fix character set issues:
>> #
>> http://www.unixresources.net/linux/lf/59/archive/00/00/13/18/131896.html
>>
>> dos charset = 850
>> unix charset = UTF-8
>
More information about the samba
mailing list