[Samba] Samba 3.6.0: unable to list Active Directory users

Michael Wood esiotrot at gmail.com
Fri Aug 12 04:25:00 MDT 2011


Hi

On 12 August 2011 10:23, David Touzeau <david at touzeau.eu> wrote:
> Dear all
>
> I have upgraded my Samba from 3.5.x to the newest 3.6.0 version.
> My Samba is connected to an Active Directory 2008 R2
>
>
> The "getent passwd" did not display any Active Directory domain users.
> The "net ads group" correctly displays the Active Directory groups:
>
> net ads group
> Administrateurs
> Utilisateurs
> Invités
> Opérateurs d’impression
> Opérateurs de sauvegarde
> Duplicateurs
> Utilisateurs du Bureau à distance
> Opérateurs de configuration réseau
> Utilisateurs de l’Analyseur de performances
> Utilisateurs du journal de performances
> Utilisateurs du modèle COM distribué
> IIS_IUSRS
> Opérateurs de chiffrement
> Lecteurs des journaux d’événements
> Accès DCOM service de certificats
> Ordinateurs du domaine
>
>
>
> I think there is a misconfiguration in my setup but did not find any
> solution:
> Where am I wrong?
>
>
> [global]
>        workgroup = TOUZEAU
>        netbios name = bdc2
>        server string = %h server
>        disable netbios =no
>        max protocol = SMB2
>        name resolve order =host lmhosts wins bcast
>        dns proxy = No
>        wins support = No
>        min protocol = NT1
>        syslog = 3
>        log level = 10
>        log file = /var/log/samba/log.%m
>        debug timestamp = yes
>
> #       Enable symbolics links -----------------------------------
>        follow symlinks = yes
>        wide links = yes
>        unix extensions = no
>
>        usershare allow guests = no
>        usershare max shares = 100
>        usershare owner only = true
>        usershare path=/var/lib/samba/usershares/data
>
> #Guest access
>        guest account = nobody
>        map to guest = Bad Password
>        template homedir = /home/%U
>        template shell = /bin/false
>        enable privileges = yes
>        os level = 40
>        ldap passwd sync = no
>
> #WINBINDD *******************************************************
>        security = ADS
>        realm = TOUZEAU.HOME
>
>        idmap config TOUZEAU:backend = ad
>        idmap config TOUZEAU:readonly = yes
>        idmap config TOUZEAU:schema_mode = rfc2307
>        idmap config * : range = 16777216-33554431

The way idmap works was changed with 3.6.0.  I don't know if the above
is wrong, but perhaps it is something to consider.

e.g. I don't know if "readonly" is supported.  I've seen mention of
"read only", but not in the idmap_ad code.  But maybe I missed it.

Also, the idmap_ad documentation implies that you need something like this:

    idmap config * : backend = tdb
    idmap config * : range = 1000000-1999999

    idmap config TOUZEAU : backend  = ad
    idmap config TOUZEAU : range = 1000-999999
    idmap config TOUZEAU : schema_mode = rfc2307

I am not sure if the above is relevant to you :) but I hope it helps.

-- 
Michael Wood <esiotrot at gmail.com>
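
Added example, not part of the original post and not Samba code: a small checker that compares the `idmap config` lines from the question with the layout suggested in the reply. The rules it applies (every idmap domain, including `*`, has an explicit backend and range, and ranges do not overlap) are assumptions drawn from that suggested layout, and the function names are hypothetical.

```python
import re
from itertools import combinations

# "idmap config DOMAIN : option = value", with or without spaces around ":"
IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*([^=]+?)\s*=\s*(.*?)\s*$", re.I)

# Constructed samples: the idmap lines as posted in the question and as suggested in the reply
POSTED = """
idmap config TOUZEAU:backend = ad
idmap config TOUZEAU:readonly = yes
idmap config TOUZEAU:schema_mode = rfc2307
idmap config * : range = 16777216-33554431
"""
SUGGESTED = """
idmap config * : backend = tdb
idmap config * : range = 1000000-1999999
idmap config TOUZEAU : backend  = ad
idmap config TOUZEAU : range = 1000-999999
idmap config TOUZEAU : schema_mode = rfc2307
"""

def parse_idmap(conf_text):
    """Collect {domain: {option: value}} from the idmap config lines."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)  # lines starting with # or ; never match
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom.upper(), {})[opt.lower()] = val
    return domains

def check_idmap(conf_text):
    """Return findings; an empty list means the layout follows the reply's pattern."""
    findings, ranges = [], []
    for dom, opts in sorted(parse_idmap(conf_text).items()):
        if "backend" not in opts:
            findings.append(f"{dom}: no backend set")
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", opts.get("range", ""))
        if not m or int(m.group(1)) >= int(m.group(2)):
            findings.append(f"{dom}: no valid range set")
            continue
        ranges.append((int(m.group(1)), int(m.group(2)), dom))
    for (l1, h1, d1), (l2, h2, d2) in combinations(sorted(ranges), 2):
        if l2 <= h1:  # sorted by low bound, so the two ranges intersect
            findings.append(f"{d1}/{d2}: ranges overlap")
    return findings

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("suggested", SUGGESTED)):
        print(name, check_idmap(text) or "ok")
```

Overlapping ranges matter beyond listing users: two domains mapped into the same uid/gid space can resolve different accounts to the same Unix ID, and with it the same file permissions.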

