[Samba] getent group is not working
steve
steve at steve-ss.com
Wed Aug 27 13:30:24 MDT 2014
On Wed, 2014-08-27 at 15:06 -0400, Gregory Cushing wrote:
> Eduardo, to piggy back on Rowlands comment. I have only seen gid's/uid's
> require an id if they are using the below id map. Using a rid idmap I have
> never had to set a gid/uid. One thing to note. The rfc2307 requires unix
> extentions to be installed. Then groups will need a gid within that.
>
>
>
> idmap config *:range = 50000-60000
> idmap config SIENIC:backend = ad
> idmap config SIENIC:schema_mode = rfc2307
> idmap config SIENIC:range = 10000-20000
>
> Eduardo, per my other email the rest is identical.
>
> Requires Unix Extensions to be installed in an AD environment. I can tell
> you this though assuming you had a working setup; otherwise in samba. IE
> local auth works and nsswitch/kerberos look great etc. then check the
> following.
>
> 1) Unix Extensions from what I have seen in samba are not enabled by
> default nor in normal AD.
>
> 2) When ever troubleshooting a getent translation issue there are a few
> things to check which you have not listed in this email
>
> There are 3-4 things that need to be setup to have getent working.
>
> 1) Confirm your nsswitch conf. Here it appears working.
>
> 2) Have you confirmed the pam winbind module is installed and pam is
> configured?
>
> 3) Have you done a wbinfo sid to id call to check that sid translation and
> uid translation is working? wbinfo's help or man page will give you the
> flags for this. You want to test sid and uid/guid resolution within winbind.
>
> 4) Check your id map to confirm the ID map is properly mapped.
> My initial suspicion is that you havnt properly configured your id map.
>
> I am known on irc.freenode.net #samba as ioudas.. and I am known for some
> winbind knowledge there. If you would like further help. Feel free to reply
> or let me know.
Sounds good to us. If you are totally and utterly bewildered and really
don't know what to try next, we also have the winbind or bust checklist:
http://linuxcostablanca.blogspot.com.es/2014/06/samba4-winbind-desperation.html
HTH,
J & S, Alicante
More information about the samba
mailing list