[Samba] Winbind question

Bruno MACADRÉ bruno.macadre at univ-rouen.fr
Mon Aug 11 08:54:32 MDT 2014 

Nice, for me it's not so cool.... ad beckend works and winbind list 
users but if I want infos about it I get a 'WBC_ERR_DOMAIN_NOT_FOUND' 
error..... I must search again.....


Le 11/08/2014 16:51, Ryan Ashley a écrit :
> THAT DID IT! I am now pulling the correct ID's! I spent weeks on this 
> and kept thinking it was configuration files or a bug. Man, I owe you 
> dinner if you're ever in the states!
>
> On 08/11/2014 10:47 AM, Ryan Ashley wrote:
>> My thoughts are the same. I am rebuilding Samba on my member server 
>> now using the parameter you mentioned. I did a full rebuild from 
>> scratch, but I will let you know if it works when it finishes. My 
>> fingers are crossed!
>>
>> On 08/11/2014 10:45 AM, Bruno MACADRÉ wrote:
>>> I think only members 'cause it's only on it we have the message 
>>> 'can't load ad backend'
>>>
>>> Le 11/08/2014 16:37, Ryan Ashley a écrit :
>>>> I have not seen that mentioned in my 121 posts about this issue. 
>>>> Does that need to be enabled on the DC and members or just members?
>>>>
>>>> On 08/11/2014 10:35 AM, Bruno MACADRÉ wrote:
>>>>> Nice clue,
>>>>>
>>>>> I quickly research in my tutorial and see that I forget an option 
>>>>> on my configure line :
>>>>>
>>>>> --with-shared-modules=idmap_ad
>>>>>
>>>>> I recompile my samba and retry... I come back when finished
>>>>>
>>>>> Le 11/08/2014 16:30, Ryan Ashley a écrit :
>>>>>> I forgot to tell you, if you are pulling from the TDB range, your 
>>>>>> ID numbers will NOT be the same across member servers. That is 
>>>>>> what I have been working on for a month now. I have two member 
>>>>>> servers and they keep pulling from the TDB range, causing a user 
>>>>>> to have an ID of 70001 on one member server but 70004 on the 
>>>>>> other. Both servers claim they cannot probe the idmap ad module.
>>>>>>
>>>>>> On 08/11/2014 10:21 AM, Bruno MACADRÉ wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I successfully set up an AD DC, and now, I want to join a file 
>>>>>>> server as member in this domain.
>>>>>>>
>>>>>>> I followed this tutorial : 
>>>>>>> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>>>>>>>
>>>>>>> All works fine, my server join my AD without problem, samba 
>>>>>>> starts fine and winbind too. But when I look at my domain users, 
>>>>>>> the uid/gid returned by winbind are in the TDB range instead of 
>>>>>>> the AD range.....
>>>>>>>
>>>>>>> This is my smb.conf :
>>>>>>> [global]
>>>>>>>
>>>>>>>    netbios name = filzen
>>>>>>>    workgroup = SAMDOM
>>>>>>>    security = ADS
>>>>>>>    realm = SAMDOM.FR
>>>>>>>    encrypt passwords = yes
>>>>>>>
>>>>>>>    log level = 10
>>>>>>>
>>>>>>>    template homedir = /home/%U
>>>>>>>    template shell = /bin/bash
>>>>>>>
>>>>>>>    winbind use default domain = yes
>>>>>>>    winbind enum users  = yes
>>>>>>>    winbind enum groups = yes
>>>>>>>
>>>>>>>    idmap config SAMDOM:backend = ad
>>>>>>>    idmap config SAMDOM:range = 20001-70000
>>>>>>>    idmap config SAMDOM:default = yes
>>>>>>>    idmap config *:backend = tdb
>>>>>>>    idmap config *:range = 70001-80000
>>>>>>>
>>>>>>> If I type :
>>>>>>> # wbinfo -i administrator
>>>>>>>
>>>>>>> I get :
>>>>>>> administrator:*:70001:70001::/home/administrator:/bin/bash
>>>>>>>
>>>>>>> If I create a user (foo) and trying to obtain his informations :
>>>>>>> # wbinfo -i foo
>>>>>>>
>>>>>>> I get:
>>>>>>> foo:*:70002:70001::/home/foo:/bin/bash
>>>>>>>
>>>>>>> Why winbind doen't use AD range instead of TBD range ? And even 
>>>>>>> if I must use TDB range is there a certainty that this uid/gid 
>>>>>>> are the same over all members ?
>>>>>>>
>>>>>>> Another clue : If I use SAMDOM:backend = rid the users receive a 
>>>>>>> uid/gid in SAMDOM range and not in TDB range (maybe a bug in ad 
>>>>>>> backend ?)
>>>>>>>
>>>>>>> Thanks for any answers
>>>>>>> Regards,
>>>>>>> Bruno.
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>

-- 

Bruno MACADRE
-------------------------------------------------------------------
  Ingénieur Systèmes et Réseau     | Systems and Network Engineer
  Département Informatique         | Department of computer science
  Responsable Info SER             | SER IT Manager
  Université de Rouen              | University of Rouen
-------------------------------------------------------------------
Coordonnées / Contact :
	Université de Rouen
	Faculté des Sciences et Techniques - Madrillet
	Avenue de l'Université
	CS 70012
	76801 St Etienne du Rouvray CEDEX
	FRANCE

	Tél : +33 (0)2-32-95-51-86
	Mob : +33 (0)6-74-71-45-64
-------------------------------------------------------------------

More information about the samba mailing list