[Samba] Samba 3.6 problems with idmap rid

Dale Schroeder dale at BriannasSaladDressing.com
Sun Jan 15 11:59:33 MST 2012 

On 01/15/2012 12:35 PM, Jakov Sosic wrote:
> Hi!
>
> I am using mainly Samba 3.5 on CentOS, and I was very pleased with
> idmap_rid backend for SID-to-RID mappings.
>
> But on Solaris 10, I can only use 3.6 because OpenCSW ships only 3.6.
> Problem is, things are changed and are not working as expected...
>
> Here is my config on RHEL Samba 3.5:
>
> [global]
>          workgroup = WINDOMAIN
>          realm = WINDOMAIN.LOCAL
>          server string = localserver (Samba ver. %v)
>          security = ADS
>          allow trusted domains = No
>          password server = someserver.windomain.local
>          log file = /var/log/samba/log.%m
>          load printers = No
>          local master = No
>          domain master = No
>          idmap backend = idmap_rid:WINDOMAIN=10000-49999
>          idmap uid = 10000-49999
>          idmap gid = 10000-49999
>          winbind use default domain = Yes
>          cups options = raw
>
>
>
> And it works like a charm. On a version 3.6:
>
> [global]
>          workgroup = WINDOMAIN
>          realm = WINDOMAIN.LOCAL
>          server string = localserver (Samba ver. %v)
>          security = ADS
>          allow trusted domains = No
>          username map = /etc/opt/csw/samba/smbusers
>          syslog = 0
>          log file = /var/opt/csw/samba/log/%m.log
>          max log size = 500
>          socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>          load printers = No
>          local master = No
>          domain master = No
>          winbind use default domain = Yes
>          idmap config * : range = 10000-49999
>          idmap config * : backend = rid : WINDOMAIN=10000-49999
>
>
> Now, on a 3.6 I have the following problem:
>
> # net ads testjoin
> Join is OK
>
> # net rpc testjoin
> Join to 'WINDOMAIN' is OK
>
> # net getlocalsid
> SID for domain LOCALSERVER is: S-1-5-21-1414315435-1886595200-1013317001
>
> # wbinfo -u | grep jakov.sosic
> jakov.sosic
>
> # wbinfo -i jakov.sosic
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user jakov.sosic
>
>
> Where am I wrong? Why can't I get rid mappings for domain users?

Jakov,

That looks similar to what Robert LeBlanc posted with Samba Bug 8676 
(Debian Bug 652679).  Compare his findings to what you see.

https://bugzilla.samba.org/show_bug.cgi?id=8676
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652679

On my test systems using RID, I see similar, but not identical symptoms 
to his HASH backend.  For me, a reboot will restore connectivity until I 
need to restart Samba or winbind.  Then nothing but another reboot will 
get winbind working again.

Dale

More information about the samba mailing list