[Samba] Winbind question

Ryan Ashley ryana at reachtechfp.com
Mon Aug 11 08:37:57 MDT 2014


I have not seen that mentioned in my 121 posts about this issue. Does 
that need to be enabled on the DC and members or just members?

On 08/11/2014 10:35 AM, Bruno MACADRÉ wrote:
> Nice clue,
>
> I quickly searched my tutorial and saw that I forgot an option on 
> my configure line:
>
> --with-shared-modules=idmap_ad
>
> I will recompile my Samba and retry... I will come back when finished.
>
> On 11/08/2014 16:30, Ryan Ashley wrote:
>> I forgot to tell you, if you are pulling from the TDB range, your ID 
>> numbers will NOT be the same across member servers. That is what I 
>> have been working on for a month now. I have two member servers and 
>> they keep pulling from the TDB range, causing a user to have an ID of 
>> 70001 on one member server but 70004 on the other. Both servers claim 
>> they cannot probe the idmap ad module.
>>
>> On 08/11/2014 10:21 AM, Bruno MACADRÉ wrote:
>>> Hi,
>>>
>>> I successfully set up an AD DC, and now, I want to join a file 
>>> server as member in this domain.
>>>
>>> I followed this tutorial:
>>> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>>>
>>> All works fine, my server joins my AD without problem, samba starts 
>>> fine and winbind too. But when I look at my domain users, the 
>>> uid/gid returned by winbind are in the TDB range instead of the AD 
>>> range...
>>>
>>> This is my smb.conf :
>>> [global]
>>>
>>>    netbios name = filzen
>>>    workgroup = SAMDOM
>>>    security = ADS
>>>    realm = SAMDOM.FR
>>>    encrypt passwords = yes
>>>
>>>    log level = 10
>>>
>>>    template homedir = /home/%U
>>>    template shell = /bin/bash
>>>
>>>    winbind use default domain = yes
>>>    winbind enum users  = yes
>>>    winbind enum groups = yes
>>>
>>>    idmap config SAMDOM:backend = ad
>>>    idmap config SAMDOM:range = 20001-70000
>>>    idmap config SAMDOM:default = yes
>>>    idmap config *:backend = tdb
>>>    idmap config *:range = 70001-80000
>>>
>>> If I type :
>>> # wbinfo -i administrator
>>>
>>> I get :
>>> administrator:*:70001:70001::/home/administrator:/bin/bash
>>>
>>> If I create a user (foo) and try to obtain his information:
>>> # wbinfo -i foo
>>>
>>> I get:
>>> foo:*:70002:70001::/home/foo:/bin/bash
>>>
>>> Why doesn't winbind use the AD range instead of the TDB range? And even if I 
>>> must use the TDB range, is there any certainty that these uid/gid are the 
>>> same across all members?
>>>
>>> Another clue: if I use SAMDOM:backend = rid the users receive a 
>>> uid/gid in the SAMDOM range and not in the TDB range (maybe a bug in the ad 
>>> backend?)
>>>
>>> Thanks for any answers
>>> Regards,
>>> Bruno.
>>>
>>
>
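
Added example, not part of the original thread and not Samba code: a small check for the symptom described above, where domain users receive IDs from the default (*) tdb range and the same user ends up with different uids on different member servers. The idmap ranges and the uids 70001/70004 are taken from the thread; the host names, the user name and the rest of each wbinfo line are constructed.

```python
import re

# Constructed sample: idmap lines from the smb.conf quoted in the thread.
SMB_CONF = """
idmap config SAMDOM:backend = ad
idmap config SAMDOM:range = 20001-70000
idmap config *:backend = tdb
idmap config *:range = 70001-80000
"""
# Constructed `wbinfo -i` lines; host and user names are hypothetical.
WBINFO = {
    "member1": ["alice:*:70001:70001::/home/alice:/bin/bash"],
    "member2": ["alice:*:70004:70001::/home/alice:/bin/bash"],
}

def parse_ranges(conf):
    """Return {domain: (low, high)} from 'idmap config DOM:range = a-b' lines."""
    ranges = {}
    pat = r"^\s*idmap config\s+(\S+?)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$"
    for dom, low, high in re.findall(pat, conf, re.M):
        ranges[dom] = (int(low), int(high))
    return ranges

def owning_domain(uid, ranges):
    """Name of the idmap domain whose range contains uid, or None."""
    for dom, (low, high) in ranges.items():
        if low <= uid <= high:
            return dom
    return None

def audit(wbinfo, ranges):
    """Flag uids taken from the default (*) range and uids that differ per member."""
    seen, findings = {}, []
    for host, lines in sorted(wbinfo.items()):
        for line in lines:
            name, _pw, uid = line.split(":")[:3]
            seen.setdefault(name, {})[host] = int(uid)
            if owning_domain(int(uid), ranges) == "*":
                findings.append(f"{host}: {name} uid {uid} is in the default (*) range")
    for name, per_host in seen.items():
        if len(set(per_host.values())) > 1:
            findings.append(f"{name}: uid differs across members: {per_host}")
    return findings

if __name__ == "__main__":
    for finding in audit(WBINFO, parse_ranges(SMB_CONF)):
        print(finding)
```

Mismatched uids matter for access control: files on shared or migrated storage are owned by number, so a uid that maps to different users on different members grants access to the wrong account.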


