[Samba] Failing to get uids from AD
Nick Triantos
nick at triantos.com
Sat Jul 14 10:50:09 MDT 2012
Hi,
I'm still having trouble getting Samba 3.6.3 / Winbind to fetch UIDs from AD 2008 R2 with the Services for Unix feature installed. My users have uidNumber fields which contain the UIDs I want. I'm on Ubuntu 12.04
The global part of my smb.conf. I've tried changing 'winbind nss info' and 'schema_mode' to sfu as well.
security = ADS
realm = CORP.mycompany.COM
allow trusted domains = yes
winbind use default domain = yes
winbind nested groups = YES
winbind enum groups = yes
winbind enum users = yes
winbind nss info = rfc2307
winbind refresh tickets = yes
idmap config CORP : backend = ad
idmap config CORP : schema_mode = rfc2307
#idmap config * : backend = tdb
idmap config * : default = yes
idmap config * : range = 900 - 99999
Each time I re-test, I delete the files:
/var/run/samba/gencache*.tdb
/var/cache/samba/winbindd_cache.tdb
/var/lib/samba/winbindd_idmap.tdb
My users always come back with an id in the range mapped above (900+), even though their IDs should actually be 1000+.
When I run an ldapsearch query, I get back results for my users that include (as well as other fields):
sAMAccountName: ross
userPrincipalName: ross at corp....
lockoutTime: 0
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=corp,...
uid: ross
mail: ross at ...
msSFU30Name: ross
msSFU30NisDomain: corp
uidNumber: 1006
gidNumber: 100
unixHomeDirectory: /home/ross
loginShell: /bin/bash
Any suggestions of things I can try are greatly appreciated.
thanks!
-Nick
More information about the samba
mailing list