[Samba] samba 3.5.4 winbind rfc2307

Jay Coleman jay.coleman at cctechnol.com
Fri Apr 15 16:03:01 MDT 2011


We recently updated our domain to 2008R2 servers from 2000.

I know the Services for Unix changed from the proprietary setup in 2000 
to rfc2307 compliant around 2003 R2.

I've updated samba to 3.5.4 (apparently most earlier versions don't play 
well with the changes in AD), and gotten things essentially working.  
The problem is users created since the old 2000 servers have been retired.

Users with the old msSFU info in the schema work fine, users without 
that info fail.


         workgroup = BLAH
         realm = BLAH.NOWHERE.COM
         password server = styx.blah.nowhere.com, aurora.blah.nowhere.com
         security = ADS
         netbios name = HECTOR
         local master = No
         domain master = No
         idmap backend = tdb
         idmap domains = BLAH
         idmap config BLAH:backend = ad
         idmap config BLAH:schema mode = rfc2307
         idmap config BLAH:range = 1000-100000
         inherit acls = Yes
         map acl inherit = Yes
         idmap uid = 1000 - 100000
         idmap gid = 1000 - 100000
         winbind separator = +
         winbind nss info = rfc2307 template
         winbind nested groups = Yes
         winbind use default domain = Yes
         winbind refresh tickets = Yes
         winbind enum users = No
         winbind enum groups = No
         winbind offline logon = true
         template shell = /bin/bash
         template homedir = /home/%U

I've tried both sfu and rfc2307, no difference.  I've tried enum users 
and groups both on and off, no difference.

For example, if I do a wbinfo -i on one of the older accounts (with 
both msSFU and rfc2307 info in the schema, confirmed by ldapsearch), I 
get a correct response, no problem.  When I do a wbinfo -i on a new 
account, I get
[2011/04/15 18:52:44.737596,  1] 
   Could not get unix ID
in the winbindd-idmap log

Oddly, on that same user I can't get wbinfo -i, if I do
wbinfo -n name
wbinfo -S (SID)
it gives me the UID



Jeremiah Coleman
Systems Administrator
C & C Technologies
Extension 3421
jay.coleman at cctechnol.com
