[Samba] PDC forgot it was part of domain... "official" (ha!) samba hack around to fix...
Linda Walsh
samba at tlinx.org
Thu Aug 18 13:33:49 MDT 2011
Michael Wood wrote:
>
>> I didn't get the benefit of '*' added to my wbinfo...
>>
>
> I don't understand what you mean by this.
>
Just saw this note by Benedikt Schindler:
>
>> Of course, as noted earlier, my wbinfo also doesn't seem to know about
>> builtin SID's either .. so am having to add them...
>>
-------- Original Message --------
Subject: samba 3.6: "autorid" has no domain order
Date: Fri, 12 Aug 2011 18:23:14 +0200
From: Benedikt Schindler <BeniSchindler at gmx.de>
To: samba at lists.samba.org
[snip & noting multiple future snips @ random! ]
I first tried autorid with a config like this:
winbind enum users = yes
winbind enum groups = yes
idmap backend = autorid
idmap gid = 100000-1499999
idmap gid = 100000-1499999
allow trusted domains = yes
... then later
I also read the mail about the new idmapping so i also tried these
configuration:
winbind enum users = yes
winbind enum groups = yes
allow trusted domains = yes
idmap config A : backend = rid
idmap config A : range = 100000 - 199999
idmap config A : base_rid = 1000
idmap config B : backend = rid
idmap config B : range = 200000 - 299999
idmap config B : base_rid = 1000
-----
Then next note he says:
if i use this config:
> > winbind enum users = yes
> > winbind enum groups = yes
> > allow trusted domains = yes
> >
> > idmap config * : backend = tdb
> > idmap config * : range = 70000-99999
> >
> > idmap config A : backend = rid
> > idmap config A : range = 100000 - 199999
> > idmap config A : base_rid = 1000
> >
> > idmap config B : backend = rid
> > idmap config B : range = 200000 - 299999
> > idmap config B : base_rid = 1000
>
i get following message from a SID of domain A:
server3:~ # wbinfo -S S-1-5-21-1004336348-920026266-682003330-1113
failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-1004336348-920026266-682003330-1113 to uid
i change this line
> > allow trusted domains = no
>
server3:~ # wbinfo -S S-1-5-21-1004336348-920026266-682003330-1113
failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-1004336348-920026266-682003330-1113 to uid
it does not work. i change this line
> > idmap config * : backend = rid
>
server3:~ # wbinfo -S S-1-5-21-1004336348-920026266-682003330-1113
100113
so it "works" ... but "getent passwd" still does not show any user.
so there is still a long way to go.
if i delete all the "idmap config * " parts it won't work again.
----------------------------------^^^^
But also if it does work.... i need trusted domain support. the only
config that really works right now, is the new "autorid".
A lot of the errors he is describing I saw as well, but I didn't see the
email about the new idmapping that told about '*'... (or that it was needed).
My server thought there were 2 domains due to the case-change problem --
that's why it kept looking for *, which I am guessing is supposed to be some
type of domain locator address.
My DB, since I'd only ever had 1, never had entries set up for 2, but when
the name got changed by NMB -- suddenly there were 2 servers -- and calls
coming in for Domain, were getting refused on "DOMAIN"....
That's my best explanation yet, as to what happened...
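
Added example (not part of the original message, and not Samba code): a
small Python check over the "idmap config" lines quoted above that reports a
missing default '*' domain, a domain without a range, and overlapping ID
ranges. The function names are hypothetical; the sample values are copied
from the quoted config, and the check is purely structural (it does not
query winbind).

```python
import re

# Matches e.g. "idmap config A : range = 100000 - 199999"
IDMAP_RE = re.compile(r"idmap config\s+(\S+)\s*:\s*([\w ]+?)\s*=\s*(.+?)\s*$", re.I)

# Sample input: the idmap lines quoted in the message above.
WITH_DEFAULT = """\
idmap config * : backend = tdb
idmap config * : range = 70000-99999
idmap config A : backend = rid
idmap config A : range = 100000 - 199999
idmap config A : base_rid = 1000
idmap config B : backend = rid
idmap config B : range = 200000 - 299999
idmap config B : base_rid = 1000
"""
# Same fragment with the "idmap config *" lines deleted.
WITHOUT_DEFAULT = "".join(l + "\n" for l in WITH_DEFAULT.splitlines() if " * " not in l)

def parse_idmap(text):
    """Return {domain: {option: value}} for every 'idmap config' line."""
    domains = {}
    for line in text.splitlines():
        m = IDMAP_RE.match(line.lstrip("> "))  # tolerate mail-quote prefixes
        if m:
            dom, key, val = m.groups()
            domains.setdefault(dom, {})[key.lower()] = val
    return domains

def check_idmap(text):
    """Return a list of structural findings for an smb.conf fragment."""
    domains = parse_idmap(text)
    findings, ranges = [], []
    if "*" not in domains:
        findings.append("no default 'idmap config *' domain")
    for dom, opts in domains.items():
        if "range" not in opts:
            findings.append(f"domain {dom}: no range")
            continue
        low, high = (int(p) for p in opts["range"].split("-"))
        ranges.append((low, high, dom))
    reach, owner = -1, None  # highest ID covered so far, and by which domain
    for low, high, dom in sorted(ranges):
        if owner is not None and low <= reach:
            findings.append(f"ranges of {owner} and {dom} overlap")
        if high > reach:
            reach, owner = high, dom
    return findings
```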