[Samba] Domain member (2k8R2) server, problem mapping Kerberos/NSS users

Elias Probst mail at eliasprobst.eu
Mon Jul 21 09:07:04 MDT 2014

On 07/21/2014 04:35 PM, Rowland Penny wrote:
> Hi, These appear to be possible problems:
> idmap config MY-DOMAIN.TLD : schema_mode = rfc2307bis # this is only
> used by the ad backend
> idmap config MY-DOMAIN.TLD : readonly = yes # only used by the tdb, tdb2
> and ldap backends
> idmap config MY-DOMAIN.TLD : default = yes # where did this come from??
> idmap config * : backend = tdb # no range given

Ok, what I initially didn't realize: the 'idmap config' params are
mutually exclusive, so it doesn't make sense to use things like
'readonly yes' only applies to the tdb and ldap backends.

Removed the 'idmap config' entries in question, so I only have those left:
        idmap config uni-tuebingen.de : range = 900-9999999999
        idmap config uni-tuebingen.de : backend = nss

The results are unfortunately still the same as I described them in my
initial mail.

> Please have a look at 'man smb.conf' and 'man idmap_nss'
Well, I read the smb.conf manpage a lot during the last days but
couldn't figure out what I'm still missing… that's why I ended up on the
ML with my question.

Any further ideas what do to/try/read are welcome!

- Elias

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 884 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20140721/5d6b3b57/attachment.pgp>

More information about the samba mailing list