[Samba] samba 3.6: "autorid" has no domain order

Benedikt Schindler BeniSchindler at gmx.de
Tue Aug 16 03:04:57 MDT 2011


Hello,

Also at LogLevel 10 there is no error I could find.
But I have more config examples and what happens.

If I use this config:

>         winbind enum users = yes
>         winbind enum groups = yes
>         allow trusted domains = yes
>
>        idmap config * : backend     = tdb
>        idmap config * : range       = 70000-99999
>
>         idmap config A : backend     = rid
>         idmap config A : range       = 100000 - 199999
>         idmap config A : base_rid    = 1000
>
>         idmap config B : backend  = rid
>         idmap config B : range    = 200000 - 299999
>         idmap config B : base_rid = 1000

I get the following message for a SID of domain A:

server3:~ # wbinfo -S S-1-5-21-1004336348-920026266-682003330-1113
failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-1004336348-920026266-682003330-1113 to uid

I change this line:

>         allow trusted domains = no

server3:~ # wbinfo -S S-1-5-21-1004336348-920026266-682003330-1113
failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-1004336348-920026266-682003330-1113 to uid

It does not work.
I change this line:

>        idmap config * : backend     = rid


server3:~ # wbinfo -S S-1-5-21-1004336348-920026266-682003330-1113
100113

So it "works" ... but "getent passwd" still does not show any user.
So there is still a long way to go.

If I delete all the "idmap config * " parts it won't work again.

But even if it does work, I need trusted domain support.
The only config that really works right now is the new "autorid".


LogLevel 10 shows no errors at all.


------------
Benedikt



On 12.08.2011 18:23, Benedikt Schindler wrote:
> Hello,
> 
> I am trying to create a Samba server for more than one trusted domain.
> I know there were some issues with Samba 3.5, and on the internet I
> always read that I should use Samba 3.4.
> 
> So I wanted to give 3.6 a chance.
> 
> I first tried autorid with a config like this:
> 
>         winbind enum users = yes
>         winbind enum groups = yes
> 
>         idmap backend = autorid
>         idmap gid = 100000-1499999
>         idmap gid = 100000-1499999
>         allow trusted domains = yes
> 
> It works fine. Domain A starts at 200000 and Domain B at
> 300000. But my problem is that I have two different Samba servers that
> should get the same uid and gid.
> On the second server Domain B also starts at 300000, but Domain A
> starts at 4000000. So there is no correct mapping between these two
> servers. This is because the main domain of the second server is B and
> not A as on the first server.
> 
> Is there a way to tell autorid an order of domains? Like: "idmap autorid
> domains = A, B"
> 
> I also read the mail about the new idmapping, so I also tried this
> configuration:
> 
>         winbind enum users = yes
>         winbind enum groups = yes
>         allow trusted domains = yes
> 
>         idmap config A : backend     = rid
>         idmap config A : range       = 100000 - 199999
>         idmap config A : base_rid    = 1000
> 
>         idmap config B : backend  = rid
>         idmap config B : range    = 200000 - 299999
>         idmap config B : base_rid = 1000
> 
> With this configuration I get all users with "winbind -u", but "getent
> passwd" is still empty.
> 
> And a group-info lookup shows WBC_ERR_DOMAIN_NOT_FOUND.
> 
> server:/ # wbinfo --group-info A\\marketing
> failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for group A\marketing
> server:/ # wbinfo --group-info B\\marketing
> failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for group B\marketing
> 
> 
> I didn't find any really helpful logs to get a clue about what's wrong with
> this config. But I think it is the same as in 3.5 and I have to go back
> to 3.4?
> 
> Any ideas?
> 
> best regards
> Benedikt
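
Added example (not part of the original post, and not Samba code): a simplified Python model of the two mapping schemes discussed in this thread. The rid formula is the one documented for idmap_rid; the first-come slot allocation in the autorid model, the domain B SID, and all class and function names are assumptions made for illustration.

```python
def split_sid(sid):
    """Split 'S-1-5-21-x-y-z-RID' into (domain_sid, rid)."""
    domain_sid, _, rid = sid.rpartition("-")
    return domain_sid, int(rid)

def rid_uid(sid, low, high, base_rid):
    """idmap_rid: ID = RID - BASE_RID + LOW_RANGE_ID; None if outside the range."""
    _, rid = split_sid(sid)
    uid = rid - base_rid + low
    return uid if rid >= base_rid and low <= uid <= high else None

class Autorid:
    """Simplified model: each newly seen domain SID takes the next free range slot."""
    def __init__(self, low, rangesize=100000):
        self.low, self.rangesize, self.slots = low, rangesize, {}

    def uid(self, sid):
        domain_sid, rid = split_sid(sid)
        # The slot number depends on how many domains this server saw before.
        slot = self.slots.setdefault(domain_sid, len(self.slots))
        return self.low + slot * self.rangesize + rid

def mismatches(server_a, server_b, sids):
    """Return the SIDs that the two servers map to different Unix IDs."""
    return [s for s in sids if server_a.uid(s) != server_b.uid(s)]

# SID of domain A taken from the post; the domain B SID is constructed.
USER_A = "S-1-5-21-1004336348-920026266-682003330-1113"
USER_B = "S-1-5-21-1111111111-2222222222-3333333333-1113"

def demo():
    first, second = Autorid(low=100000), Autorid(low=100000)
    first.uid(USER_A); first.uid(USER_B)      # server 1 meets domain A first
    second.uid(USER_B); second.uid(USER_A)    # server 2 meets domain B first
    return {
        "rid_A": rid_uid(USER_A, 100000, 199999, 1000),
        "rid_B": rid_uid(USER_B, 200000, 299999, 1000),
        "autorid_A": (first.uid(USER_A), second.uid(USER_A)),
        "differs": mismatches(first, second, [USER_A, USER_B]),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The rid result depends only on the configured range and base_rid, so two servers with identical "idmap config" lines agree on ownership; in the autorid model the result depends on the order in which each server first saw the domains.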


