[Samba] Samba 3.6 problems with idmap rid
Dale Schroeder
dale at BriannasSaladDressing.com
Sun Jan 15 11:59:33 MST 2012
On 01/15/2012 12:35 PM, Jakov Sosic wrote:
> Hi!
>
> I am using mainly Samba 3.5 on CentOS, and I was very pleased with
> idmap_rid backend for SID-to-RID mappings.
>
> But on Solaris 10, I can only use 3.6 because OpenCSW ships only 3.6.
> Problem is, things are changed and are not working as expected...
>
> Here is my config on RHEL Samba 3.5:
>
> [global]
> workgroup = WINDOMAIN
> realm = WINDOMAIN.LOCAL
> server string = localserver (Samba ver. %v)
> security = ADS
> allow trusted domains = No
> password server = someserver.windomain.local
> log file = /var/log/samba/log.%m
> load printers = No
> local master = No
> domain master = No
> idmap backend = idmap_rid:WINDOMAIN=10000-49999
> idmap uid = 10000-49999
> idmap gid = 10000-49999
> winbind use default domain = Yes
> cups options = raw
>
>
>
> And it works like a charm. On a version 3.6:
>
> [global]
> workgroup = WINDOMAIN
> realm = WINDOMAIN.LOCAL
> server string = localserver (Samba ver. %v)
> security = ADS
> allow trusted domains = No
> username map = /etc/opt/csw/samba/smbusers
> syslog = 0
> log file = /var/opt/csw/samba/log/%m.log
> max log size = 500
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> load printers = No
> local master = No
> domain master = No
> winbind use default domain = Yes
> idmap config * : range = 10000-49999
> idmap config * : backend = rid : WINDOMAIN=10000-49999
>
>
> Now, on a 3.6 I have the following problem:
>
> # net ads testjoin
> Join is OK
>
> # net rpc testjoin
> Join to 'WINDOMAIN' is OK
>
> # net getlocalsid
> SID for domain LOCALSERVER is: S-1-5-21-1414315435-1886595200-1013317001
>
> # wbinfo -u | grep jakov.sosic
> jakov.sosic
>
> # wbinfo -i jakov.sosic
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user jakov.sosic
>
>
> Where am I wrong? Why can't I get rid mappings for domain users?
Jakov,
That looks similar to what Robert LeBlanc posted with Samba Bug 8676
(Debian Bug 652679). Compare his findings to what you see.
https://bugzilla.samba.org/show_bug.cgi?id=8676
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652679
On my test systems using RID, I see similar, but not identical symptoms
to his HASH backend. For me, a reboot will restore connectivity until I
need to restart Samba or winbind. Then nothing but another reboot will
get winbind working again.
Dale
More information about the samba
mailing list