[Samba] Winbind question
Bruno MACADRÉ
bruno.macadre at univ-rouen.fr
Mon Aug 11 08:35:05 MDT 2014
Nice clue,
I quickly research in my tutorial and see that I forget an option on my
configure line :
--with-shared-modules=idmap_ad
I recompile my samba and retry... I come back when finished
Le 11/08/2014 16:30, Ryan Ashley a écrit :
> I forgot to tell you, if you are pulling from the TDB range, your ID
> numbers will NOT be the same across member servers. That is what I
> have been working on for a month now. I have two member servers and
> they keep pulling from the TDB range, causing a user to have an ID of
> 70001 on one member server but 70004 on the other. Both servers claim
> they cannot probe the idmap ad module.
>
> On 08/11/2014 10:21 AM, Bruno MACADRÉ wrote:
>> Hi,
>>
>> I successfully set up an AD DC, and now, I want to join a file server
>> as member in this domain.
>>
>> I followed this tutorial :
>> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>>
>> All works fine, my server join my AD without problem, samba starts
>> fine and winbind too. But when I look at my domain users, the uid/gid
>> returned by winbind are in the TDB range instead of the AD range.....
>>
>> This is my smb.conf :
>> [global]
>>
>> netbios name = filzen
>> workgroup = SAMDOM
>> security = ADS
>> realm = SAMDOM.FR
>> encrypt passwords = yes
>>
>> log level = 10
>>
>> template homedir = /home/%U
>> template shell = /bin/bash
>>
>> winbind use default domain = yes
>> winbind enum users = yes
>> winbind enum groups = yes
>>
>> idmap config SAMDOM:backend = ad
>> idmap config SAMDOM:range = 20001-70000
>> idmap config SAMDOM:default = yes
>> idmap config *:backend = tdb
>> idmap config *:range = 70001-80000
>>
>> If I type :
>> # wbinfo -i administrator
>>
>> I get :
>> administrator:*:70001:70001::/home/administrator:/bin/bash
>>
>> If I create a user (foo) and trying to obtain his informations :
>> # wbinfo -i foo
>>
>> I get:
>> foo:*:70002:70001::/home/foo:/bin/bash
>>
>> Why winbind doen't use AD range instead of TBD range ? And even if I
>> must use TDB range is there a certainty that this uid/gid are the
>> same over all members ?
>>
>> Another clue : If I use SAMDOM:backend = rid the users receive a
>> uid/gid in SAMDOM range and not in TDB range (maybe a bug in ad
>> backend ?)
>>
>> Thanks for any answers
>> Regards,
>> Bruno.
>>
>
--
Bruno MACADRE
-------------------------------------------------------------------
Ingénieur Systèmes et Réseau | Systems and Network Engineer
Département Informatique | Department of computer science
Responsable Info SER | SER IT Manager
Université de Rouen | University of Rouen
-------------------------------------------------------------------
Coordonnées / Contact :
Université de Rouen
Faculté des Sciences et Techniques - Madrillet
Avenue de l'Université
CS 70012
76801 St Etienne du Rouvray CEDEX
FRANCE
Tél : +33 (0)2-32-95-51-86
Mob : +33 (0)6-74-71-45-64
-------------------------------------------------------------------
More information about the samba
mailing list