[Samba] Can't get idmap connected to AD unix attribs

Robert Freeman-Day presgas at gmail.com
Tue Jul 10 08:26:12 MDT 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nick,

I think what you may be looking for is the ad backend:

https://www.samba.org/samba/docs/man/manpages-3/idmap_ad.8.html

Since you are using tdb in your config, it is using a local database
and allocates UID/GIDs on the fly...first come, first served.  So a
user may not get the same UID from one machine to the next.

Robert

On 07/10/2012 12:20 AM, Nick Triantos wrote:
> Hi,
> 
> I'm trying to get an Ubuntu 12.04 system's Samba (3.6.3) and
> Winbind to map userids and groups to the unix attributes in an AD
> 2008 server. I can see that when I perform an ldapsearch, I'm able
> to read the attributes, and for one of my accounts, the id should
> be 1001. However, when I run 'wbinfo -i <username>', I get back
> something like 920.
> 
> At one point, I was setting the idmap range to start at 900, but
> I've since removed that from my config, and restarted winbindd and
> smbd. I've also tried to 'net cache flush'.
> 
> I also see wbinfo -i <someuser> usually returns: failed to call
> wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user
> <someuser>
> 
> The relevant parts of my smb.conf are below. I've tried patching
> this together from various tuts and help pages. Any guidance would
> be very helpful.
> 
> thanks! -Nick
> 
> [global]
> workgroup = CORP
> security = ADS
> password server = 192.168.77.251
> realm = CORP.MYCOMPANY.COM
> allow trusted domains = yes
> winbind use default domain = yes
> winbind nested groups = YES
> idmap config CORP : backend = tdb
> idmap config CORP : default = yes
> idmap config CORP : schema_mode = rfc2307
> idmap config CORP : range = 1000 - 9999
> idmap config * : backend = tdb
> encrypt passwords = true
> obey pam restrictions = yes
> client use spnego = yes
> client ntlmv2 auth = yes
> encrypt passwords = true
> restrict anonymous = 2
> unix password sync = yes
> winbind enum groups = yes
> winbind enum users = yes
> winbind nss info = rfc2307
> 
> 


- -- 
________

Robert Freeman-Day

https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk/8O4QACgkQup357T5MfTZprwCeJ7iMF7NcxUctOd7bOAFqT4ZZ
AAgAoMqnWGK5E5LWZxxMxsUaVhfbil9Y
=yLz3
-----END PGP SIGNATURE-----
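
Added example, not part of the original message and not Samba's own code: a small Python check for the mismatch described in the reply above, where a domain is mapped with the allocating tdb backend while the config also sets schema_mode, an option of the ad backend. The sample configs are constructed from the idmap lines quoted in the thread, the '*' range in the second one is an assumed value, and the range-overlap check goes beyond the case discussed here.

```python
import re
from itertools import combinations

# Backends that hand out IDs from a local pool rather than reading the directory.
ALLOCATING_BACKENDS = {"tdb", "tdb2", "autorid"}
IDMAP_KEY = re.compile(r"idmap config\s+(\S+)\s*:\s*(.+)", re.IGNORECASE)

def parse_idmap(conf_text):
    """Collect 'idmap config DOMAIN : option = value' lines as {domain: {option: value}}."""
    domains = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        match = IDMAP_KEY.fullmatch(key)
        if match:
            domains.setdefault(match.group(1), {})[match.group(2).strip().lower()] = value
    return domains

def lint_idmap(conf_text):
    """Return a list of findings about ID mapping in an smb.conf text."""
    domains = parse_idmap(conf_text)
    findings = []
    for name, opts in sorted(domains.items()):
        backend = opts.get("backend", "").lower()
        if backend in ALLOCATING_BACKENDS and "schema_mode" in opts:
            findings.append(f"{name}: backend {backend} allocates IDs locally; "
                            "schema_mode is an idmap_ad option and is not read by it")
    ranges = {n: tuple(int(x) for x in o["range"].split("-"))
              for n, o in domains.items() if "range" in o}
    for (a, (a_lo, a_hi)), (b, (b_lo, b_hi)) in combinations(sorted(ranges.items()), 2):
        if a_lo <= b_hi and b_lo <= a_hi:
            findings.append(f"{a} and {b}: ID ranges overlap")
    return findings

# Constructed sample: the idmap lines from the config quoted in the thread.
AS_POSTED = """
[global]
idmap config CORP : backend = tdb
idmap config CORP : schema_mode = rfc2307
idmap config CORP : range = 1000 - 9999
idmap config * : backend = tdb
"""
# Constructed sample: same domain on the ad backend; the '*' range is an assumed value.
WITH_AD = AS_POSTED.replace("CORP : backend = tdb", "CORP : backend = ad") \
    + "idmap config * : range = 10000 - 19999\n"

if __name__ == "__main__":
    for label, text in (("as posted", AS_POSTED), ("ad backend", WITH_AD)):
        print(label, lint_idmap(text) or "no findings")
```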

