[Samba] member server idmap config (auto)rid

mathias dufresne infractory at gmail.com
Tue Aug 8 10:04:30 UTC 2017


Hi,

Could you post the whole smb.conf? That should help...

Did you install libpam-winbind? libpam-krb5?

Is Kerberos working? It should be, as you mentioned the join was OK.

Anyway and in short, to help we need information.

And playing with wbinfo could help to understand what you missed (wbinfo -n
username; wbinfo -S userSID; wbinfo -i username; for a start)

2017-08-07 16:44 GMT+02:00 Neil Price via samba <samba at lists.samba.org>:

> I've joined a samba 4.48 (debian stretch) to a Windows 2008R2 AD domain
> according to https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
> It joins OK but I cannot get idmap rid (or autorid) to work
>
>    idmap config * : backend = autorid
>    idmap config * : range = 1000000-1199999
>

Using only these two lines, AD users and groups could become Linux users and
groups, but their UID/GID will be randomly generated, which is certainly not
what you want (at least, that's something you would regret in the future).


>
> Nothing is returned for getent "SAMDOM\user"
>
> log.winbindd shows:
>
> [2017/08/07 15:44:08.377559,  3] ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
>   getpwnam SAMDOM\user
> [2017/08/07 15:45:12.561500,  5] ../source3/winbindd/winbindd.c:1139(remove_timed_out_clients)
>   Client request timed out, shutting down sock 26, pid 639
>
> (libnss_winbind is installed and nsswitch.conf modified as per wiki)
>
> If however I use
>
>        idmap config * : backend = tdb
>        idmap config * : range = 3000-7999
>
>    idmap config SAMDOM : backend = rid
>    idmap config SAMDOM : range = 1000000-1199999
>

Using these 4 lines is the right thing to do: idmap-rid will generate
UID/GID using the LDAP object's RID + 1000000 (according to what you wrote), and
as UID/GID are now based on the RID, which is stable, your UID/GID will be stable
too (not randomly generated).


>
> Then getent "SAMDOM\user" works but the uid is taken from the * range, not
> SAMDOM.
>
> What am I doing wrong?

