[Samba] Samba 3.6 problems with idmap rid

David Roid dataroid at gmail.com
Mon Jan 16 01:15:27 MST 2012 

Ever since upgrade to 3.6, wbinfo -u working but wbinfo -i hitting
WBC_ERR_DOMAIN_NOT_FOUND has been a headache, seems winbind always fails to
get the domain info for individual idmap the VERY FIRST TIME you start it
after upgrade or join a domain. Most of times I manage to solve it by
using:

<smb.conf>
    idmap config * : range = 10000-20000
    idmap config * : backend = tdb
    idmap config MYDOMAIN : default = yes
    idmap config MYDOMAIN : range = 100000-200000
    idmap config MYDOMAIN : backend = rid
<smb.conf>

If above snip doesn't work, try your luck with changing "idmap config *"
options back to old-style "idmap uid/gid = ...." + "idmap backend = tdb"
while keeping your domain-specific options new-style, ought to solve it.

My observation is, it's like you have to give winbind/idmap a kick start
and once you get wbinfo -i working, you can again change back to "idmap
config *" (otherwise testparm will complain).

Regards
-David

2012/1/16 Jakov Sosic <jakov.sosic at srce.hr>

> Hi!
>
> I am using mainly Samba 3.5 on CentOS, and I was very pleased with
> idmap_rid backend for SID-to-RID mappings.
>
> But on Solaris 10, I can only use 3.6 because OpenCSW ships only 3.6.
> Problem is, things are changed and are not working as expected...
>
> Here is my config on RHEL Samba 3.5:
>
> [global]
>        workgroup = WINDOMAIN
>        realm = WINDOMAIN.LOCAL
>        server string = localserver (Samba ver. %v)
>        security = ADS
>        allow trusted domains = No
>        password server = someserver.windomain.local
>        log file = /var/log/samba/log.%m
>        load printers = No
>        local master = No
>        domain master = No
>        idmap backend = idmap_rid:WINDOMAIN=10000-49999
>        idmap uid = 10000-49999
>        idmap gid = 10000-49999
>        winbind use default domain = Yes
>        cups options = raw
>
>
>
> And it works like a charm. On a version 3.6:
>
> [global]
>        workgroup = WINDOMAIN
>        realm = WINDOMAIN.LOCAL
>        server string = localserver (Samba ver. %v)
>        security = ADS
>        allow trusted domains = No
>        username map = /etc/opt/csw/samba/smbusers
>        syslog = 0
>        log file = /var/opt/csw/samba/log/%m.log
>        max log size = 500
>        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>        load printers = No
>        local master = No
>        domain master = No
>        winbind use default domain = Yes
>        idmap config * : range = 10000-49999
>        idmap config * : backend = rid : WINDOMAIN=10000-49999
>
>
> Now, on a 3.6 I have the following problem:
>
> # net ads testjoin
> Join is OK
>
> # net rpc testjoin
> Join to 'WINDOMAIN' is OK
>
> # net getlocalsid
> SID for domain LOCALSERVER is: S-1-5-21-1414315435-1886595200-1013317001
>
> # wbinfo -u | grep jakov.sosic
> jakov.sosic
>
> # wbinfo -i jakov.sosic
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user jakov.sosic
>
>
> Where am I wrong? Why can't I get rid mappings for domain users?
>
>
>
> --
> Jakov Sosic
> www.srce.unizg.hr
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list