[Samba] winbind bug?

Chan Min Wai dcmwai at gmail.com
Thu Mar 27 11:51:26 MDT 2014


Hi Doung,

Quote you statement "configuration and held the unix uid's, etc..that this
would tell samba to look to AD for those values (which concerns me to put
that in and break all the existing users) and we certainly do not have that
in our AD here"

If your AD users don't have unix uid , home dir, shell...

If you don't have unix uid, winbind will not read this users...

if you don't have homedir and shell...
Then where the the template homedir and template shell?





On Fri, Mar 28, 2014 at 1:46 AM, Doug Tucker <tuckerd at lyle.smu.edu> wrote:

>
>  Rowland
>>>>
>>> Thanks for the once over.  Helps to have multiple eyes to verify things.
>>>  But in the end I'm still in the same boat and not a single suggestion to
>>> the facts of my issue.  My config does work as long as the unix ID isn't
>>> over 11000 and the client windows 7. Nobody wants to even acknowledge or
>>> touch that.  I've verified it down to every detail I can think of.  I don't
>>> know if you read my threads earlier, but I can change an existing user to a
>>> unix id less than 11000 and they then work.  Switch them back, broken again.
>>>
>>> My back end windows server is 2003.
>>>
>>
>> After looking at your smb.conf again, I noticed something, could you try
>> changing the idmap config section to this:
>>
>>    idmap config *:backend = tdb
>>    idmap config *:range = 3000000-3100000
>>    idmap config SEAS:backend = rid
>>    idmap config SEAS:range = 1000-40000
>>    idmap config SEAS:schema_mode = rfc2307
>>    idmap config SEAS-S:backend = rid
>>    idmap config SEAS-S:range = 40001-60000
>>    idmap config SEAS-S:schema_mode = rfc2307
>>
>> Rowland
>>
>>  Before doing so...this server is live...I read a long article on the
> rfc2307 yesterday and my understanding of it was you would only put this in
> your domain configs IF the backend AD had the rfc configuration and held
> the unix uid's, etc..that this would tell samba to look to AD for those
> values (which concerns me to put that in and break all the existing users)
> and we certainly do not have that in our AD here.  Is that your
> understanding of it?  Honestly after reading that article I considered
> taking that out of my config altogether as I didn't think it had any real
> purpose.  I put it IN based on another persons smb.conf that had been
> helpful in solving an auth issue I had early on.
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list