[Samba] Winbind troubles

Jonathan Buzzard jonathan at buzzard.me.uk
Tue Jul 23 03:05:31 MDT 2013

On Tue, 2013-07-23 at 10:15 +0200, steve wrote:


> +1
> sssd just works: there is plain English documentation available and you
> get rfc2307 out of the box. The same day;)
> otoh, if you must stick with winbind there are reports of success here.
> Just one more thought to bugzilla it.

Winbind just works if you configure it properly. There is also plain
English documentation available for winbind as well. The problem is that
Matthew either did not read it or did not follow it. From "man idmap_ad":

    The writeable default config is also needed in order to be able to
    create group mappings. This catch-all default idmap configuration
    should have a range that is disjoint from any explicitly configured
    domain with idmap backend ad.

This is where Matthew went wrong; it's right there in the man page
(unlike three years ago). There is also a large smattering of posts
from myself on this list over the last two years on how important it is
not to have overlapping ranges for the local allocatable range. If you
do, it simply does not work.

It's probably still not working for him because he needs to clear the
now polluted cache/database that winbind has created from previous
attempts. Using net cache flush might work. Personally I would stop
samba, delete the tdb files and start it again, redo the domain join and
try it.


Jonathan A. Buzzard                 Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.
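
Added example, not part of the original message or of Samba: a small Python check that reads the `idmap config` lines of an smb.conf and reports a missing default (`*`) range or any overlapping ranges, the misconfiguration described above. The sample configuration, the domain name EXAMPLE and the function names are constructed for illustration.

```python
import re

# Constructed sample: the domain name EXAMPLE and every range below are made up.
SAMPLE_SMB_CONF = """\
[global]
    security = ads
    idmap config * : backend = tdb
    idmap config * : range = 10000-29999
    idmap config EXAMPLE : backend = ad
    idmap config EXAMPLE : range = 20000-99999
"""

IDMAP_RE = re.compile(
    r"^\s*idmap\s+config\s+([^\s:]+)\s*:\s*([\w ]+?)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {option: value}} for every 'idmap config' line."""
    domains = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue  # smb.conf comment line
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom.upper(), {})[opt.lower()] = val
    return domains

def parse_range(value):
    """Turn 'low-high' into (low, high), rejecting inverted ranges."""
    low, high = (int(x) for x in value.split("-", 1))
    if low > high:
        raise ValueError(f"inverted idmap range: {value}")
    return low, high

def find_problems(conf_text):
    """Return a list of problem strings; empty means the ranges are disjoint."""
    ranges = {d: parse_range(o["range"])
              for d, o in parse_idmap(conf_text).items() if "range" in o}
    problems = []
    if "*" not in ranges:
        problems.append("no default 'idmap config * : range' configured")
    names = sorted(ranges)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            # Two closed intervals intersect when each starts before the other ends.
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
                problems.append(f"range overlap: {a} {ranges[a]} and {b} {ranges[b]}")
    return problems

if __name__ == "__main__":
    for p in find_problems(SAMPLE_SMB_CONF):
        print("PROBLEM:", p)
```

Run it against the active configuration before the domain join; a clean result only means the ranges are disjoint, not that the rest of the winbind setup is correct.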
