[Samba] Samba 3.6.0: unable to list Active Directory users
Michael Wood
esiotrot at gmail.com
Fri Aug 12 04:25:00 MDT 2011
Hi
On 12 August 2011 10:23, David Touzeau <david at touzeau.eu> wrote:
> Dear all
>
> I have upgraded my Samba from 3.5.x to the newest 3.6.0 version.
> My Samba is connected to an Active Directory 2008 R2
>
>
> The "getent passwd" did not display any Active Directory domain users.
> The "net ads group" displays the Active Directory groups correctly:
>
> net ads group
> Administrateurs
> Utilisateurs
> Invités
> Opérateurs d’impression
> Opérateurs de sauvegarde
> Duplicateurs
> Utilisateurs du Bureau à distance
> Opérateurs de configuration réseau
> Utilisateurs de l’Analyseur de performances
> Utilisateurs du journal de performances
> Utilisateurs du modèle COM distribué
> IIS_IUSRS
> Opérateurs de chiffrement
> Lecteurs des journaux d’événements
> Accès DCOM service de certificats
> Ordinateurs du domaine
>
>
>
> I think there is a misconfiguration in my setup but did not find any
> solution.
> Where am I wrong?
>
>
> [global]
> workgroup = TOUZEAU
> netbios name = bdc2
> server string = %h server
> disable netbios =no
> max protocol = SMB2
> name resolve order =host lmhosts wins bcast
> dns proxy = No
> wins support = No
> min protocol = NT1
> syslog = 3
> log level = 10
> log file = /var/log/samba/log.%m
> debug timestamp = yes
>
> # Enable symbolics links -----------------------------------
> follow symlinks = yes
> wide links = yes
> unix extensions = no
>
> usershare allow guests = no
> usershare max shares = 100
> usershare owner only = true
> usershare path=/var/lib/samba/usershares/data
>
> #Guest access
> guest account = nobody
> map to guest = Bad Password
> template homedir = /home/%U
> template shell = /bin/false
> enable privileges = yes
> os level = 40
> ldap passwd sync = no
>
> #WINBINDD *******************************************************
> security = ADS
> realm = TOUZEAU.HOME
>
> idmap config TOUZEAU:backend = ad
> idmap config TOUZEAU:readonly = yes
> idmap config TOUZEAU:schema_mode = rfc2307
> idmap config * : range = 16777216-33554431

The way idmap works was changed with 3.6.0. I don't know if the above
is wrong, but perhaps it is something to consider.

e.g. I don't know if "readonly" is supported. I've seen mention of
"read only", but not in the idmap_ad code. But maybe I missed it.

Also, the idmap_ad documentation implies that you need something like this:

    idmap config * : backend = tdb
    idmap config * : range = 1000000-1999999
    idmap config TOUZEAU : backend = ad
    idmap config TOUZEAU : range = 1000-999999
    idmap config TOUZEAU : schema_mode = rfc2307

I am not sure if the above is relevant to you :) but I hope it helps.

--
Michael Wood <esiotrot at gmail.com>
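
Added example, not part of either message and not Samba's own code: a small checker that compares the "idmap config" lines of an smb.conf against the layout suggested in the reply (every idmap domain, including the default "*", has both a backend and a range, and the ranges do not overlap). Treating that layout as the reference is an assumption of this example, and the names parse_idmap and check_idmap are hypothetical.

```python
import re

# "idmap config DOMAIN : option = value", with or without spaces around ':'
IDMAP_RE = re.compile(r"^\s*idmap\s+config\s+([^\s:]+)\s*:\s*([^=]+?)\s*=\s*(.*?)\s*$", re.I)
RANGE_RE = re.compile(r"(\d+)\s*-\s*(\d+)")

# idmap lines copied from the two messages in this thread
POSTED = """\
idmap config TOUZEAU:backend = ad
idmap config TOUZEAU:readonly = yes
idmap config TOUZEAU:schema_mode = rfc2307
idmap config * : range = 16777216-33554431
"""
SUGGESTED = """\
idmap config * : backend = tdb
idmap config * : range = 1000000-1999999
idmap config TOUZEAU : backend = ad
idmap config TOUZEAU : range = 1000-999999
idmap config TOUZEAU : schema_mode = rfc2307
"""

def parse_idmap(conf_text):
    """Return {domain: {option: value}} for every 'idmap config' line."""
    domains = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):   # smb.conf comment lines
            continue
        m = IDMAP_RE.match(line)
        if m:
            domains.setdefault(m.group(1), {})[m.group(2).lower()] = m.group(3)
    return domains

def check_idmap(conf_text):
    """List where a config departs from the backend-plus-range layout (assumed reference)."""
    findings, ranges = [], []
    for dom, opts in sorted(parse_idmap(conf_text).items()):
        findings += [f"{dom}: no '{key}' set" for key in ("backend", "range") if key not in opts]
        m = RANGE_RE.fullmatch(opts.get("range", ""))
        if m and int(m.group(1)) <= int(m.group(2)):
            ranges.append((int(m.group(1)), int(m.group(2)), dom))
        elif "range" in opts:
            findings.append(f"{dom}: invalid range '{opts['range']}'")
    ranges.sort()
    # After sorting by lower bound, any overlap shows up between neighbours
    for (_, hi1, d1), (lo2, _, d2) in zip(ranges, ranges[1:]):
        if lo2 <= hi1:
            findings.append(f"{d1} and {d2}: ranges overlap")
    return findings

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("suggested", SUGGESTED)):
        print(name, check_idmap(text) or "matches the layout")
```

The checker only compares structure; it does not decide whether an option name such as "readonly" is accepted by a given backend.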