[Samba] Can't get idmap connected to AD unix attribs
Nick Triantos
nick at triantos.com
Mon Jul 9 22:20:46 MDT 2012
Hi,
I'm trying to get an Ubuntu 12.04 system's Samba (3.6.3) and Winbind to map userids and groups to the unix attributes in an AD 2008 server. I can see that when I perform an ldapsearch, I'm able to read the attributes, and for one of my accounts, the id should be 1001. However, when I run 'wbinfo -i <username>', I get back something like 920.
At one point, I was setting the idmap range to start at 900, but I've since removed that from my config, and restarted winbindd and smbd. I've also tried to 'net cache flush'.
I also see wbinfo -i <someuser> usually returns:
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user <someuser>
The relevant parts of my smb.conf are below. I've tried patching this together from various tuts and help pages. Any guidance would be very helpful.
thanks!
-Nick
[global]
workgroup = CORP
security = ADS
password server = 192.168.77.251
realm = CORP.MYCOMPANY.COM
allow trusted domains = yes
winbind use default domain = yes
winbind nested groups = YES
idmap config CORP : backend = tdb
idmap config CORP : default = yes
idmap config CORP : schema_mode = rfc2307
idmap config CORP : range = 1000 - 9999
idmap config * : backend = tdb
encrypt passwords = true
obey pam restrictions = yes
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = true
restrict anonymous = 2
unix password sync = yes
winbind enum groups = yes
winbind enum users = yes
winbind nss info = rfc2307
More information about the samba
mailing list