[Samba] samba 3.5.4 winbind rfc2307
Jay Coleman
jay.coleman at cctechnol.com
Fri Apr 15 16:03:01 MDT 2011
Hi,
We recently updated our domain to 2008R2 servers from 2000.
I know the services for unix changed from the proprietary setup in 2000
to rfc2307 compliant around 2003 R2
I've updated samba to 3.5.4 (apparently most earlier versions don't play
well with the changes in AD), and gotten things essentially working.
The problem is users created since the old 2000 servers have been retired.
Users with the old msSFU info in the schema work fine, users without
that info fail.
smb.conf:
[global]
workgroup = BLAH
realm = BLAH.NOWHERE.COM
password server = styx.blah.nowhere.com, aurora.blah.nowhere.com
security = ADS
netbios name = HECTOR
local master = No
domain master = No
idmap backend = tdb
idmap domains = BLAH
idmap config BLAH:backend = ad
idmap config BLAH:schema mode = rfc2307
idmap config BLAH:range = 1000-100000
inherit acls = Yes
map acl inherit = Yes
idmap uid = 1000 - 100000
idmap gid = 1000 - 100000
winbind separator = +
winbind nss info = rfc2307 template
winbind nested groups = Yes
winbind use default domain = Yes
winbind refresh tickets = Yes
winbind enum users = No
winbind enum groups = No
winbind offline logon = true
template shell = /bin/bash
template homedir = /home/%U
I've tried both sfu and rfc2307, no difference. I've tried enum users
and groups both on and off, no difference.
For an example, if I do a wbinfo -i on one of the older accounts (with
both msSFU and rfc2307 info in the schema, confirmed by ldapsearch), I
get correct response, no problem. When I do a wginfo -i on a new
account, I get
[2011/04/15 18:52:44.737596, 1]
winbindd/idmap_ad.c:651(idmap_ad_sids_to_unixids)
Could not get unix ID
in the winbindd-idmap log
Oddly, on that same user I can't get wbinfo -i, if I do
wbinfo -n name
(SID)
wbinfo -S (SID)
it gives me the UID
Ideas?
Thanks
--
Jeremiah Coleman
Systems Administrator
C& C Technologies
337-735-3741
Extension 3421
jay.coleman at cctechnol.com
More information about the samba
mailing list