[Samba] idmap problems after update from 3.0.33 to 3.6.6

Rowland Penny rowlandpenny at googlemail.com
Thu Nov 7 05:29:53 MST 2013


On 07/11/13 12:04, Thomas Attenberger wrote:
> Hi again,
>
> we want to keep the tdb method.
> After many hours of reading and searching, I have still no idea what can be
> wrong.
> Actually I'm hanging here:
>
> wbinfo -n newuser    (is working)
> wbinfo -s newusersid (is working)
> wbinfo -S newusersid
> failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not convert sid xxx to uid
>
> If I take a look in the winbindd_idmap.tdb the newuser is not listed.
>
> Has anyone some idea, what can be wrong?
>
> Regards
> Thomas
>
>
> 2013/10/23 steve <steve at steve-ss.com>
>
>> On Wed, 2013-10-23 at 15:21 +0200, Thomas Attenberger wrote:
>>> Thanks for your help.
>>>
>>>
>>> How can I manually populate the rfc2307 attributes?
>>>
>>>
>>> Before I tried it with "backend = ad", but then "wbinfo -u" lists only
>>> local users.
>>> Now it seems, there's no difference between using ad or tdb.
>>>
>>>
>>> Do I really need to use rfc2307 mode? Before I was running samba 3.0
>>> without it...
>>>
>>>
>>> What can I do now?
>> Hi
>> I can't help with the tdb method but your smb.conf is good to go for the
>> ad backend. To use it, you will have to add the rfc2307 attributes to
>> the 2008 box somehow. You can add e.g. uidNumber number to users under
>> the Unix tab on ADUC on your existing DC.
>>
>> Another good way to get the attributes would be to join a Samba4 machine
>> to the domain as another DC. It's then a simple matter to wrap a script
>> around ldbmodify to dump the attributes into AD from that box and let
>> replication do the rest.
>>
>> Do you have a lot of users?
>> Steve
>>
>>
>>
You are using RFC2307 on the clients, but do you have the users' RFC2307
info in AD? (msSFU30NisDomain, msSFU30Name, uidNumber, gidNumber,
loginShell, unixHomeDirectory, uid).
If you want to get all the RFC2307 info from AD using Samba, then the
machine needs to be joined to the domain (like a Windows PC) and you need
to use something to pull this info; with winbind this means 'backend = ad',
but you can use sssd or nslcd.

Rowland
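
An added example, not part of the original message or of Samba itself: a small Python check that reads an LDIF export of AD user objects and reports which of the RFC2307 attributes named above each user lacks. The sample LDIF, its DNs and values, and the function names are constructed for illustration.

```python
import base64

# Attribute names as listed in the message above.
RFC2307_ATTRS = ("msSFU30NisDomain", "msSFU30Name", "uidNumber", "gidNumber",
                 "loginShell", "unixHomeDirectory", "uid")

# Constructed sample export (not from the thread); the second DN is folded.
SAMPLE_LDIF = """\
dn: CN=olduser,CN=Users,DC=example,DC=com
msSFU30NisDomain: example
msSFU30Name: olduser
uidNumber: 10001
gidNumber: 10000
loginShell: /bin/bash
unixHomeDirectory: /home/olduser
uid: olduser

dn: CN=newuser,CN=Users,
 DC=example,DC=com
sAMAccountName: newuser
uidNumber: 10002
"""

def parse_ldif(text):
    """Yield one dict per entry: lower-cased attribute name -> list of values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # LDIF folding: continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entry = {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                yield entry
            entry = {}
            continue
        name, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        if value.startswith(":"):           # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        entry.setdefault(name.strip().lower(), []).append(value.strip())

def missing_rfc2307(text, required=RFC2307_ATTRS):
    """Map each entry's DN to the required attributes that are absent or empty."""
    report = {}
    for entry in parse_ldif(text):
        absent = [a for a in required if not any(entry.get(a.lower(), []))]
        if "dn" in entry and absent:
            report[entry["dn"][0]] = absent
    return report

if __name__ == "__main__":
    for dn, attrs in missing_rfc2307(SAMPLE_LDIF).items():
        print(dn, "is missing:", ", ".join(attrs))
```
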

