[Samba] winbind backend ad not working
Rowland Penny
rpenny at samba.org
Wed Oct 26 14:17:09 UTC 2016
On Wed, 26 Oct 2016 16:02:08 +0200
Stefan Kania via samba <samba at lists.samba.org> wrote:
> Hello,
>
> after a classicupgrade from samba3 with openldap we want to set up a
> samba-fileserver. We would like to use the winbind ad backend. So we
> configured the smb.conf with the following settings:
> ---------
> # Global parameters
> [global]
> bind interfaces only = Yes
> interfaces = 192.168.56.102
> realm = EXAMPLE.DE
> workgroup = EXAMPLE
> registry shares = Yes
> security = ADS
> template shell = /bin/bash
> winbind enum groups = Yes
> winbind enum users = Yes
> winbind nss info = rfc2307
> winbind refresh tickets = Yes
> winbind use default domain = Yes
> idmap config EXAMPLE : schema_mode = rfc2307
> idmap config EXAMPLE : range = 1001 - 200000
> idmap config EXAMPLE : backend = ad
> idmap config * : range = 1000000 - 1999999
> idmap config * : backend = tdb
> store dos attributes = Yes
> inherit acls = Yes
> vfs objects = acl_xattr
> ---------
>
> All users in AD have a unique uidNumber and all the other
> Unix-Attributes, but no uid-Attribute. All uidNumbers are inside the
> range configured in smb.conf.
> But we will not get any user listed with "getent passwd". We tried to
> switch to winbind backend rid, then everything is working. All users
> are listed. Here is the smb.conf
> with the backend rid:
> ---------
> [global]
> workgroup = EXAMPLE
> realm = EXAMPLE.DE
> security = ADS
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> winbind refresh tickets = yes
> template shell = /bin/bash
> idmap config * : range = 10000 - 19999
> idmap config EXAMPLE : backend = rid
> idmap config EXAMPLE : range = 1000000 - 1999999
> inherit acls = yes
> store dos attributes = yes
> vfs objects = acl_xattr
> interfaces = 192.168.56.102
> bind interfaces only = yes
> ---------
> Even with log level 3 we didn't get any error message. Where should we
> look next, or what is wrong in our configuration?
>
> Stefan
>
Have you given 'Domain users' a gidNumber attribute containing a number
inside '1001 - 200000' ??
Rowland
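
The check the question above points at, as an added example that is not part of the original message and not Samba code: it parses the "idmap config" lines from the quoted smb.conf and reports users whose uidNumber, or whose primary group's gidNumber, is missing or outside the range of the "ad" backend. It assumes the "ad" backend resolves a user only when both values are inside the range; the users, groups and their numbers are constructed sample data, and parse_idmap/check_users are hypothetical helper names.

```python
import re

# The idmap lines from the smb.conf quoted above.
SMB_CONF = """
[global]
idmap config EXAMPLE : range = 1001 - 200000
idmap config EXAMPLE : backend = ad
idmap config * : range = 1000000 - 1999999
idmap config * : backend = tdb
"""
# Constructed directory data (hypothetical; not taken from the thread).
GROUPS = {"Domain Users": {"gidNumber": None}, "unixusers": {"gidNumber": 10000}}
USERS = {
    "alice": {"uidNumber": 10001, "primaryGroup": "Domain Users"},
    "bob": {"uidNumber": 10002, "primaryGroup": "unixusers"},
    "carol": {"uidNumber": 300000, "primaryGroup": "unixusers"},
}
IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {"backend": str, "range": (low, high)}} from smb.conf text."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if not m:
            continue
        dom, key, val = m.group(1), m.group(2).lower(), m.group(3)
        if key == "range":
            val = tuple(int(x) for x in val.split("-"))
        domains.setdefault(dom, {})[key] = val
    return domains

def in_range(value, rng):
    return value is not None and rng[0] <= value <= rng[1]

def check_users(idmap, domain, users, groups):
    """Return {user: [problems]} for users the assumed 'ad' rule would not map."""
    rng = idmap[domain]["range"]
    report = {}
    for name, attrs in users.items():
        problems = []
        if not in_range(attrs.get("uidNumber"), rng):
            problems.append("uidNumber missing or outside range")
        gid = groups.get(attrs["primaryGroup"], {}).get("gidNumber")
        if not in_range(gid, rng):
            problems.append("primary group gidNumber missing or outside range")
        if problems:
            report[name] = problems
    return report
```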