[Samba] winbind backend ad not working
Stefan Kania
stefan at kania-online.de
Wed Oct 26 14:02:08 UTC 2016
Hello,
after a classicupgrade from samb3 with openldap we want to set up a
samba-fileserver. We would like to user the winbind ad backend. So we
configured the smb.conf with the following settings:
-----------------
--------# Global parameters
[global]
bind interfaces only = Yes
interfaces = 192.168.56.102
realm = EXAMPLE.DE
workgroup = EXAMPLE
registry shares = Yes
security = ADS
template shell = /bin/bash
winbind enum groups = Yes
winbind enum users = Yes
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind use default domain = Yes
idmap config EXAMPLE : schema_mode = rfc2307
idmap config EXAMPLE : range = 1001 - 200000
idmap config EXAMPLE : backend = ad
idmap config * : range = 1000000 - 1999999
idmap config * : backend = tdb
store dos attributes = Yes
inherit acls = Yes
vfs objects = acl_xattr
---------
All users in AD have a unique uidNumber and all the other
Unix-Attributes, but no uid-Attribute. All uidNumbers are insite the
range configured in smb.conf.
But we will not get any user listed with "getent passwd". We tried to
switch to winbind backend rid then everything is working. All users are
listed. Here the smb.conf
with the backend rid:
---------
[global]
workgroup = EXAMPLE
realm = EXAMPLE.DE
security = ADS
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = yes
template shell = /bin/bash
idmap config * : range = 10000 - 19999
idmap config EXAMPLE : backend = rid
idmap config EXAMPLE : range = 1000000 - 1999999
inherit acls = yes
store dos attributes = yes
vfs objects = acl_xattr
interfaces = 192.168.56.102
bind interfaces only = yes
---------
Even with log level 3 we didn't get any errormessage. Were should we
look next, or what is wrong in our configuration.
Stefan
More information about the samba
mailing list