[Samba] Winbind question
Bruno MACADRÉ
bruno.macadre at univ-rouen.fr
Mon Aug 11 08:54:32 MDT 2014
Nice, for me it's not so cool.... ad beckend works and winbind list
users but if I want infos about it I get a 'WBC_ERR_DOMAIN_NOT_FOUND'
error..... I must search again.....
Le 11/08/2014 16:51, Ryan Ashley a écrit :
> THAT DID IT! I am now pulling the correct ID's! I spent weeks on this
> and kept thinking it was configuration files or a bug. Man, I owe you
> dinner if you're ever in the states!
>
> On 08/11/2014 10:47 AM, Ryan Ashley wrote:
>> My thoughts are the same. I am rebuilding Samba on my member server
>> now using the parameter you mentioned. I did a full rebuild from
>> scratch, but I will let you know if it works when it finishes. My
>> fingers are crossed!
>>
>> On 08/11/2014 10:45 AM, Bruno MACADRÉ wrote:
>>> I think only members 'cause it's only on it we have the message
>>> 'can't load ad backend'
>>>
>>> Le 11/08/2014 16:37, Ryan Ashley a écrit :
>>>> I have not seen that mentioned in my 121 posts about this issue.
>>>> Does that need to be enabled on the DC and members or just members?
>>>>
>>>> On 08/11/2014 10:35 AM, Bruno MACADRÉ wrote:
>>>>> Nice clue,
>>>>>
>>>>> I quickly research in my tutorial and see that I forget an option
>>>>> on my configure line :
>>>>>
>>>>> --with-shared-modules=idmap_ad
>>>>>
>>>>> I recompile my samba and retry... I come back when finished
>>>>>
>>>>> Le 11/08/2014 16:30, Ryan Ashley a écrit :
>>>>>> I forgot to tell you, if you are pulling from the TDB range, your
>>>>>> ID numbers will NOT be the same across member servers. That is
>>>>>> what I have been working on for a month now. I have two member
>>>>>> servers and they keep pulling from the TDB range, causing a user
>>>>>> to have an ID of 70001 on one member server but 70004 on the
>>>>>> other. Both servers claim they cannot probe the idmap ad module.
>>>>>>
>>>>>> On 08/11/2014 10:21 AM, Bruno MACADRÉ wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I successfully set up an AD DC, and now, I want to join a file
>>>>>>> server as member in this domain.
>>>>>>>
>>>>>>> I followed this tutorial :
>>>>>>> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>>>>>>>
>>>>>>> All works fine, my server join my AD without problem, samba
>>>>>>> starts fine and winbind too. But when I look at my domain users,
>>>>>>> the uid/gid returned by winbind are in the TDB range instead of
>>>>>>> the AD range.....
>>>>>>>
>>>>>>> This is my smb.conf :
>>>>>>> [global]
>>>>>>>
>>>>>>> netbios name = filzen
>>>>>>> workgroup = SAMDOM
>>>>>>> security = ADS
>>>>>>> realm = SAMDOM.FR
>>>>>>> encrypt passwords = yes
>>>>>>>
>>>>>>> log level = 10
>>>>>>>
>>>>>>> template homedir = /home/%U
>>>>>>> template shell = /bin/bash
>>>>>>>
>>>>>>> winbind use default domain = yes
>>>>>>> winbind enum users = yes
>>>>>>> winbind enum groups = yes
>>>>>>>
>>>>>>> idmap config SAMDOM:backend = ad
>>>>>>> idmap config SAMDOM:range = 20001-70000
>>>>>>> idmap config SAMDOM:default = yes
>>>>>>> idmap config *:backend = tdb
>>>>>>> idmap config *:range = 70001-80000
>>>>>>>
>>>>>>> If I type :
>>>>>>> # wbinfo -i administrator
>>>>>>>
>>>>>>> I get :
>>>>>>> administrator:*:70001:70001::/home/administrator:/bin/bash
>>>>>>>
>>>>>>> If I create a user (foo) and trying to obtain his informations :
>>>>>>> # wbinfo -i foo
>>>>>>>
>>>>>>> I get:
>>>>>>> foo:*:70002:70001::/home/foo:/bin/bash
>>>>>>>
>>>>>>> Why winbind doen't use AD range instead of TBD range ? And even
>>>>>>> if I must use TDB range is there a certainty that this uid/gid
>>>>>>> are the same over all members ?
>>>>>>>
>>>>>>> Another clue : If I use SAMDOM:backend = rid the users receive a
>>>>>>> uid/gid in SAMDOM range and not in TDB range (maybe a bug in ad
>>>>>>> backend ?)
>>>>>>>
>>>>>>> Thanks for any answers
>>>>>>> Regards,
>>>>>>> Bruno.
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
--
Bruno MACADRE
-------------------------------------------------------------------
Ingénieur Systèmes et Réseau | Systems and Network Engineer
Département Informatique | Department of computer science
Responsable Info SER | SER IT Manager
Université de Rouen | University of Rouen
-------------------------------------------------------------------
Coordonnées / Contact :
Université de Rouen
Faculté des Sciences et Techniques - Madrillet
Avenue de l'Université
CS 70012
76801 St Etienne du Rouvray CEDEX
FRANCE
Tél : +33 (0)2-32-95-51-86
Mob : +33 (0)6-74-71-45-64
-------------------------------------------------------------------
More information about the samba
mailing list