[Samba] samba4 DC, internal winbind_server: external idmap problem

Andy Igoshin ai at vsu.ru
Sat Dec 7 06:57:37 MST 2013


I run Samba 4.1.2 in DC mode. A Win7 client is joined to this domain.

Now I am trying to configure external idmap.
I would like it to use our existing LDAP server:

idmap config DOM : backend = rfc2307
idmap config DOM : range = 1110000-1119999
idmap config DOM : ldap_server = stand-alone
idmap config DOM : ldap_url = ldap://ldap.domain.ru
idmap config DOM : ldap_user_dn = uid=ldapmaster,cn=ldap.domain.ru
idmap config DOM : bind_path_user = cn=dom.domain.ru
idmap config DOM : bind_path_group = cn=dom.domain.ru
idmap config DOM : cache time = 1800
winbind nss info = rfc2307

I created a user 'test2' in the Samba DC.
In ldap.domain.ru there is the user uid=test2,cn=dom.domain.ru with
these attributes:
uidNumber = 1113535
gidNumber = 1113535
objectSid = S-1-5-21-1982177496-2241683161-2840224108-1106 (I got it
from the Samba DC)

When I run wbinfo to get the user's info, I expect it to go to
ldap.domain.ru, but that does not happen. It looks like wbinfo
returns values from the internal automatic idmap.

# wbinfo -S S-1-5-21-1982177496-2241683161-2840224108-1106
# wbinfo -U 1113535

Do I misunderstand something?
Is it possible to use idmap in such a mode?


Andy Igoshin <ai at vsu.ru>                 Voronezh State University
sip:          ai at vsu.ru                  Network Operation Center
phone: +7 473 2281160, ext. 2020         Voronezh, Russia
