[Samba] Winbind troubles
Rowland Penny
rowlandpenny at googlemail.com
Mon Jul 22 15:15:10 MDT 2013
OK, that seems like it should work, I had the winbind ad backend working,
but found it difficult to setup so jumped ship to sssd
The idmap setup I used was:
idmap config *:backend = tdb
idmap config *:range = 1100-2000
idmap config DOMAIN:backend = ad
idmap config DOMAIN:schema_mode = rfc2307
idmap config DOMAIN:range = 10000-3100000
As you can see the number ranges are the opposite way round to what you
have i.e. config*:range is lower than DOMAIN:range
You could also try (as a test) changing backend = ad to backend = rid, this
will ignore the rfc2307 bit but will test the connect to the AD server.
Rowland
On 22 July 2013 21:46, Matthew Daubenspeck <matt at oddprocess.org> wrote:
> On Mon, Jul 22, 2013 at 10:27:36PM +0200, steve wrote:
> > Can you post smb.conf on SRV2?
> > Steve
>
> Certainly:
>
> [global]
>
> workgroup = NWLTECH
> security = ADS
> realm = NWLTECH.ORG
> encrypt passwords = yes
>
> idmap config *:backend = tdb
> idmap config *:range = 70001-80000
> idmap config NWLTECH:backend = ad
> idmap config NWLTECH:schema_mode = rfc2307
> idmap config NWLTECH:range = 500-40000
>
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list