[Samba] Winbind Issues with Server 2003/2008

Volker Lendecke Volker.Lendecke at SerNet.DE
Mon Mar 12 01:00:34 MDT 2012


On Mon, Mar 12, 2012 at 10:17:26AM +1000, Nathan Frankish wrote:
> I really hate emailing lists, but I've come to a wall that I just cant
> work out how to get past at the moment, so am hoping for some community
> assistance if possible.
> 
>  
> 
> Some background:
> 
> We are running Windows Server 2003 on all of our domain controllers, and
> are in the middle of migrating to server 2008 R2. We have unix exentions
> enabled (rfc2307 I believe), and manage all of our uids/shell/home via
> this. 
> 
>  
> 
> Our linux servers are a mix of RHEL 5.1, 5.4 and 5.5.
> 
>  
> 
> We were using Samba 3.0.33-3.29.el5_5.1 or equivalent on most of our
> servers, but we hit a stone wall when trying to get them to co-exist
> with a domain controller that was running Server 2008.
> 
> So we upgraded to the redhat package Samba3x which I believe is 3.3.8 on
> some of the hosts and 3.5.10 on the others.
> 
>  
> 
> However then we hit the snafu that the servers running samba3x wouldn't
> talk to the domain controllers running server 2003 still.  To combat
> that, we null routed the server 2003 servers, and only let the Linux
> servers talk to AD servers running 2008.
> 
> This was working fine, except that some servers stopped being able to
> run "getent passwd" or "getent group" and would just return nothing from
> winbind.
> 
>  
> 
> As a test, I converted over to RID as the idmap backend away from ADS,
> and this appears to have almost worked perfectly. Except now that a
> users UID isn't being returned from the AD unixattributes tab, but
> instead has what I assume is the RID ID for the user. Other attributes
> seem to be coming down ok

When you change idmap backends, you must always also delete
all caches. Delete the winbindd_cache.tdb file and issue a
"net cache flush".

Hope that helps,

Volker Lendecke

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de


More information about the samba mailing list