[Samba] Winbind question

Ryan Ashley ryana at reachtechfp.com
Mon Aug 11 08:47:25 MDT 2014


My thoughts are the same. I am rebuilding Samba on my member server now 
using the parameter you mentioned. I did a full rebuild from scratch, 
but I will let you know if it works when it finishes. My fingers are 
crossed!

On 08/11/2014 10:45 AM, Bruno MACADRÉ wrote:
> I think only members, because it's only on them that we get the message
> 'can't load ad backend'
>
> On 11/08/2014 16:37, Ryan Ashley wrote:
>> I have not seen that mentioned in my 121 posts about this issue. Does 
>> that need to be enabled on the DC and members or just members?
>>
>> On 08/11/2014 10:35 AM, Bruno MACADRÉ wrote:
>>> Nice clue,
>>>
>>> I quickly searched my tutorial and saw that I forgot an option on
>>> my configure line:
>>>
>>> --with-shared-modules=idmap_ad
>>>
>>> I'll recompile my Samba and retry... I'll come back when finished
>>>
>>> On 11/08/2014 16:30, Ryan Ashley wrote:
>>>> I forgot to tell you, if you are pulling from the TDB range, your 
>>>> ID numbers will NOT be the same across member servers. That is what 
>>>> I have been working on for a month now. I have two member servers 
>>>> and they keep pulling from the TDB range, causing a user to have an 
>>>> ID of 70001 on one member server but 70004 on the other. Both 
>>>> servers claim they cannot probe the idmap ad module.
>>>>
>>>> On 08/11/2014 10:21 AM, Bruno MACADRÉ wrote:
>>>>> Hi,
>>>>>
>>>>> I successfully set up an AD DC, and now I want to join a file
>>>>> server as a member of this domain.
>>>>>
>>>>> I followed this tutorial : 
>>>>> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>>>>>
>>>>> Everything works fine: my server joins my AD without problems, Samba
>>>>> starts fine and winbind too. But when I look at my domain users, the
>>>>> uid/gid returned by winbind are in the TDB range instead of the AD
>>>>> range...
>>>>>
>>>>> This is my smb.conf :
>>>>> [global]
>>>>>
>>>>>    netbios name = filzen
>>>>>    workgroup = SAMDOM
>>>>>    security = ADS
>>>>>    realm = SAMDOM.FR
>>>>>    encrypt passwords = yes
>>>>>
>>>>>    log level = 10
>>>>>
>>>>>    template homedir = /home/%U
>>>>>    template shell = /bin/bash
>>>>>
>>>>>    winbind use default domain = yes
>>>>>    winbind enum users  = yes
>>>>>    winbind enum groups = yes
>>>>>
>>>>>    idmap config SAMDOM:backend = ad
>>>>>    idmap config SAMDOM:range = 20001-70000
>>>>>    idmap config SAMDOM:default = yes
>>>>>    idmap config *:backend = tdb
>>>>>    idmap config *:range = 70001-80000
>>>>>
>>>>> If I type :
>>>>> # wbinfo -i administrator
>>>>>
>>>>> I get :
>>>>> administrator:*:70001:70001::/home/administrator:/bin/bash
>>>>>
>>>>> If I create a user (foo) and try to obtain his information:
>>>>> # wbinfo -i foo
>>>>>
>>>>> I get:
>>>>> foo:*:70002:70001::/home/foo:/bin/bash
>>>>>
>>>>> Why doesn't winbind use the AD range instead of the TDB range? And
>>>>> even if I must use the TDB range, is there any certainty that these
>>>>> uid/gid are the same across all members?
>>>>>
>>>>> Another clue: if I use SAMDOM:backend = rid, the users receive a
>>>>> uid/gid in the SAMDOM range and not in the TDB range (maybe a bug in
>>>>> the ad backend?)
>>>>>
>>>>> Thanks for any answers
>>>>> Regards,
>>>>> Bruno.
>>>>>
>>>>
>>>
>>
>
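
The symptom discussed in this thread (IDs handed out from the `*` tdb range, and therefore differing per member server) can be checked mechanically, which matters because file ownership on shared storage follows these numbers. The following is an added example, not part of the original messages or of Samba: it parses the idmap lines from the quoted smb.conf and classifies `wbinfo -i` output collected from each member. The host names, the user name `jdoe` and the function names are hypothetical; the sample lines are constructed from the values quoted above.

```python
import re

# Constructed sample: the idmap lines from the smb.conf quoted in the thread.
SMB_CONF = """
   idmap config SAMDOM:backend = ad
   idmap config SAMDOM:range = 20001-70000
   idmap config *:backend = tdb
   idmap config *:range = 70001-80000
"""
# Constructed `wbinfo -i` lines; host and user names are hypothetical, the IDs
# 70001/70004 are the ones reported for the two members in the thread.
WBINFO = {
    "member1": "jdoe:*:70001:70001::/home/jdoe:/bin/bash",
    "member2": "jdoe:*:70004:70001::/home/jdoe:/bin/bash",
}
PAT = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*(backend|range)\s*=\s*(\S+)", re.I)

def parse_idmap(conf):
    """Return {domain: {"backend": str, "range": (low, high)}}."""
    domains = {}
    for line in conf.splitlines():
        m = PAT.match(line)
        if not m:
            continue
        dom, key, val = m.group(1), m.group(2).lower(), m.group(3)
        if key == "range":
            low, high = val.split("-")
            val = (int(low), int(high))
        domains.setdefault(dom, {})[key] = val
    return domains

def owning_domain(uid, domains):
    """Name of the idmap domain whose range contains uid, or None."""
    for dom, cfg in domains.items():
        low, high = cfg.get("range", (1, 0))  # empty range if none configured
        if low <= uid <= high:
            return dom

def audit(wbinfo, conf, expected="SAMDOM"):
    """Findings: IDs allocated outside `expected`, and UID drift between hosts."""
    domains = parse_idmap(conf)
    uids = {host: int(line.split(":")[2]) for host, line in wbinfo.items()}
    findings = []
    for host, uid in sorted(uids.items()):
        dom = owning_domain(uid, domains)
        if dom != expected:
            findings.append(f"{host}: uid {uid} is in the '{dom}' range, not {expected}")
    if len(set(uids.values())) > 1:
        findings.append(f"uid differs across members: {uids}")
    return findings
```

With the constructed input, `audit(WBINFO, SMB_CONF)` reports both members as allocating from the `*` range and flags the mismatch between them.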


