[Samba] Winbind troubles

L.P.H. van Belle belle at bazuin.nl
Tue Jul 23 01:40:50 MDT 2013 

Hai, 
 

I'm having exactly the same problem with winbind as Matthew Daubenspeck.
also on ubuntu 12.04 with sernet packages. ( used sernet-samba-winbind 4.0.7 )

I remove the complete config atm but am at the point reinstalling now. 
I'll wait with that until you put you howto on. 
i cant loose the rfc2307 :-( 
and i cant lose control over uidNumber, gidNumber, home directories and login shells. 
and im adding a second DC later on, but whats the difference between RID and AD exactly. 
or just these 4 things? 

I'll go try the sssd as suggested below on ubuntu 12.04. 



Best regards, 

Louis


>-----Oorspronkelijk bericht-----
>Van: rowlandpenny at googlemail.com 
>[mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
>Verzonden: maandag 22 juli 2013 23:45
>Aan: steve
>CC: samba at lists.samba.org
>Onderwerp: Re: [Samba] Winbind troubles
>
>If you want my opinion, this is just another example of why not to use
>winbind, if you can wait until tomorrow , I will send you an 
>howto on sssd
>on Ubuntu 12.04
>
>Rowland
>On Jul 22, 2013 10:36 PM, "steve" <steve at steve-ss.com> wrote:
>
>> On Mon, 2013-07-22 at 17:29 -0400, Matthew Daubenspeck wrote:
>> > On Mon, Jul 22, 2013 at 10:15:10PM +0100, Rowland Penny wrote:
>> > >    OK, that seems like it should work, I had the winbind 
>ad backend
>> > >    working, but found it difficult to setup so jumped 
>ship to sssd
>> > >    The idmap setup I used was:
>> > >            idmap config *:backend = tdb
>> > >            idmap config *:range = 1100-2000
>> > >            idmap config DOMAIN:backend = ad
>> > >            idmap config DOMAIN:schema_mode = rfc2307
>> > >            idmap config DOMAIN:range = 10000-3100000
>> > >    As you can see the number ranges are the opposite way 
>round to what
>> you
>> > >    have i.e. config*:range is lower than DOMAIN:range
>> > >    You could also try (as a test) changing backend = ad 
>to backend =
>> rid,
>> > >    this will ignore the rfc2307 bit but will test the 
>connect to the AD
>> > >    server.
>> > >    Rowland
>> >
>> > Changing the above ranges made no difference. However, 
>changing backend
>> > = rid gets me:
>> >
>> > root at srv2:~# getent passwd administrator
>> > 
>administrator:*:10005:1013:Administrator:/home/Administrator:/bin/sh
>>
>> Amazing;)
>> >
>> > That seems to be working perfectly. What would I be losing without
>> > rfc2307 (please excuse the ignorance)?
>>
>> You'd lose control over uidNumber, gidNumber and you 
>wouldn't be able to
>> specify your own home directories and login shells. It's also a
>> nightmare if you add a second DC.
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list