[Samba] Winbind question

Bruno MACADRÉ bruno.macadre at univ-rouen.fr
Mon Aug 11 08:45:41 MDT 2014


I think only members, 'cause it's only on them that we have the message 'can't 
load ad backend'

On 11/08/2014 16:37, Ryan Ashley wrote:
> I have not seen that mentioned in my 121 posts about this issue. Does 
> that need to be enabled on the DC and members or just members?
>
> On 08/11/2014 10:35 AM, Bruno MACADRÉ wrote:
>> Nice clue,
>>
>> I quickly searched my tutorial and saw that I forgot an option on 
>> my configure line:
>>
>> --with-shared-modules=idmap_ad
>>
>> I'll recompile my samba and retry... I'll come back when finished
>>
>> On 11/08/2014 16:30, Ryan Ashley wrote:
>>> I forgot to tell you, if you are pulling from the TDB range, your ID 
>>> numbers will NOT be the same across member servers. That is what I 
>>> have been working on for a month now. I have two member servers and 
>>> they keep pulling from the TDB range, causing a user to have an ID 
>>> of 70001 on one member server but 70004 on the other. Both servers 
>>> claim they cannot probe the idmap ad module.
>>>
>>> On 08/11/2014 10:21 AM, Bruno MACADRÉ wrote:
>>>> Hi,
>>>>
>>>> I successfully set up an AD DC, and now I want to join a file 
>>>> server as a member in this domain.
>>>>
>>>> I followed this tutorial : 
>>>> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>>>>
>>>> All works fine, my server joins my AD without problem, samba starts 
>>>> fine and winbind too. But when I look at my domain users, the 
>>>> uid/gid returned by winbind are in the TDB range instead of the AD 
>>>> range.....
>>>>
>>>> This is my smb.conf :
>>>> [global]
>>>>
>>>>    netbios name = filzen
>>>>    workgroup = SAMDOM
>>>>    security = ADS
>>>>    realm = SAMDOM.FR
>>>>    encrypt passwords = yes
>>>>
>>>>    log level = 10
>>>>
>>>>    template homedir = /home/%U
>>>>    template shell = /bin/bash
>>>>
>>>>    winbind use default domain = yes
>>>>    winbind enum users  = yes
>>>>    winbind enum groups = yes
>>>>
>>>>    idmap config SAMDOM:backend = ad
>>>>    idmap config SAMDOM:range = 20001-70000
>>>>    idmap config SAMDOM:default = yes
>>>>    idmap config *:backend = tdb
>>>>    idmap config *:range = 70001-80000
>>>>
>>>> If I type :
>>>> # wbinfo -i administrator
>>>>
>>>> I get :
>>>> administrator:*:70001:70001::/home/administrator:/bin/bash
>>>>
>>>> If I create a user (foo) and try to obtain his information:
>>>> # wbinfo -i foo
>>>>
>>>> I get:
>>>> foo:*:70002:70001::/home/foo:/bin/bash
>>>>
>>>> Why doesn't winbind use the AD range instead of the TDB range? And even if 
>>>> I must use the TDB range, is there a certainty that these uid/gid are the 
>>>> same over all members?
>>>>
>>>> Another clue : If I use SAMDOM:backend = rid the users receive a 
>>>> uid/gid in SAMDOM range and not in TDB range (maybe a bug in ad 
>>>> backend ?)
>>>>
>>>> Thanks for any answers
>>>> Regards,
>>>> Bruno.
>>>>
>>>
>>
>

-- 

Bruno MACADRE
-------------------------------------------------------------------
  Systems and Network Engineer
  Department of computer science
  SER IT Manager
  University of Rouen
-------------------------------------------------------------------
Contact:
	Université de Rouen
	Faculté des Sciences et Techniques - Madrillet
	Avenue de l'Université
	CS 70012
	76801 St Etienne du Rouvray CEDEX
	FRANCE

	Tél : +33 (0)2-32-95-51-86
	Mob : +33 (0)6-74-71-45-64
-------------------------------------------------------------------
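
Added example, not part of the original thread: a Python check for the two symptoms discussed above, IDs allocated from the default (`*`) TDB range instead of the domain's `ad` range, and the same user resolving to different UIDs on two member servers. The `idmap config` lines and `wbinfo -i` output are copied from the thread; `MEMBER_B` and all function names are constructed for illustration.

```python
import re

# Constructed sample input, copied from the smb.conf and wbinfo output in the thread.
SMB_CONF = """\
[global]
   idmap config SAMDOM:backend = ad
   idmap config SAMDOM:range = 20001-70000
   idmap config *:backend = tdb
   idmap config *:range = 70001-80000
"""
MEMBER_A = ["administrator:*:70001:70001::/home/administrator:/bin/bash",
            "foo:*:70002:70001::/home/foo:/bin/bash"]
# Constructed: a second member that allocated a different ID to the same user.
MEMBER_B = ["administrator:*:70001:70001::/home/administrator:/bin/bash",
            "foo:*:70004:70001::/home/foo:/bin/bash"]

RANGE_RE = re.compile(
    r"^\s*idmap config\s+(\S+?)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.I)

def parse_ranges(conf_text):
    """Map each idmap domain ('*' is the default) to its (low, high) range."""
    ranges = {}
    for line in conf_text.splitlines():
        m = RANGE_RE.match(line)
        if m:
            ranges[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return ranges

def range_of(xid, ranges):
    """Name of the idmap domain whose range contains xid, or None."""
    for domain, (low, high) in ranges.items():
        if low <= xid <= high:
            return domain
    return None

def uids(wbinfo_lines):
    """Parse passwd-style 'wbinfo -i' lines into {user: uid}."""
    return {f[0]: int(f[2]) for f in (l.split(":") for l in wbinfo_lines)}

def outside_domain_range(wbinfo_lines, ranges, domain):
    """Users whose UID was not allocated from the given domain's range."""
    return {u: range_of(i, ranges) for u, i in uids(wbinfo_lines).items()
            if range_of(i, ranges) != domain}

def mismatched(member_a, member_b):
    """Users that resolve to different UIDs on two member servers."""
    a, b = uids(member_a), uids(member_b)
    return {u: (a[u], b[u]) for u in a.keys() & b.keys() if a[u] != b[u]}

if __name__ == "__main__":
    r = parse_ranges(SMB_CONF)
    print(outside_domain_range(MEMBER_A, r, "SAMDOM"))
    print(mismatched(MEMBER_A, MEMBER_B))
```

A user reported by `mismatched` owns files under one UID on the first member and a different UID on the second, so ownership and permission checks on shared or migrated data will not line up between the servers.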


