[Samba] Re: IDMAP RID problems and documentation
John
jknappers-argentia at hotmail.com
Fri Dec 21 10:05:46 GMT 2007
"Plant, Dean" <dean.plant at roke.co.uk> schreef in bericht
news:2181C5F19DD0254692452BFF3EAF1D6803940B3E at rsys005a.comm.ad.roke.co.uk...
Charles Marcus wrote:
> Plant, Dean, on 12/19/2007 8:58 AM, said the following:
>> John wrote:
>>> Hello List,
>>>
>>> After upgrading to 3.0.25b (Also tried 3.0.28) I tried to make use
>>> of the new syntax for IDMAP. But I failed, Also there is a lack on
>>> documentation how to us it. (Yes there is a man, but it contains
>>> limited explanation and examples).
>>>
>>> What do I want? What (I think a lot of people wants)
>>> I have two samba domain members and a Windows 2003 DC without R2 /
>>> SFU shema extension. So I want make use of the RID facility.
>>> Same GID/ UID mappings on all samba servers in the domain, with
>>> support of BUILTIN groups, and without installing schema extensions
>>> on the DC. I assume that RID was designed for this scenario
>>> Can anyone assist me and everyone on list struggling with the same
>>> problems, how to proper configure SAMBA for this scenario?
>>>
>>> Old syntax works, but lack support for BUILT-IN groups, and gives
>>> following complaints in syslog
>>> Module '/usr/lib/samba/idmap/rid.so' initialization failed:
>>> NT_STATUS_OBJECT_NAME_COLLISION
>>> and:
>>> lib/util_str.c:safe_strcpy_fn(659)
>>> Dec 19 13:12:47 s-0009 winbindd[5454]: ERROR: string overflow by 1
>>> (256 - 255) in safe_strcpy [ERROR: string overflow by 1 (256 - 255)
>>> in safe_strcpy [Added timed event "async_request_timeout": 8843878
>>>
>>
>> I have just fixed one of our Samba servers this morning after an the
>> upgrade from CentOS 5 -> 5.1 broke winbind resolution.
>>
>> The below winbind config worked for me.
>
> I'm curious - what exactly CHANGED (or, what did you have to change)?
>
We had been running with these idmap settings for an AD integrated file
server.
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
idmap backend = rid:"US=16777216-33554431"
After the upgrade to CentOS 5.1 our winbind mappings were lost and group
permissions were no longer working. Reading the Samba release notes and
trawling the net I found the below settings, although as it has been
pointed out the "idmap alloc config" is not required. With these
settings all winbind mappings were restored and everything seems to be
working as normal.
idmap domains = US
idmap config US: default = yes
idmap config US: backend = rid
idmap config US: range = 16777216-33554431
idmap alloc config: range = 16777216-33554431
Dean
Thank you for you're reply, but mentioned configuration breaks "getent
passwd" in our setup. Getent group works, and wbinfo -u also works. Have
anybody an idea what else can cause samba winbind on CentOS4.6 to fail?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list