samba - Nov 2008 - regression in 3.2.4? Homedir not retrieved with idmap_ad backend

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I'm currently running Ubuntu Intrepid and I'm testing Samba (winbind
specifically) with our Active Directory.
Our AD schema has been extended with the proper fields for storing
rfc2307 information.

Short explanation:

With Samba 3.2.3 the homedir fields are properly being read from the AD,
with Samba 3.2.4 they are not, the values returned by "wbinfo -i
<user>"
and/or "getent passwd" will have the format of /home/%D/%U, which is
the
default for the "template homedir" setting which I have *not*
specified
in my smb.conf. A workaround for me currently is to specify the
"template homedir" setting with the correct format in smb.conf.

More detailed info:

When I'm using the samba-3.2.3 package currently in Ubuntu Intrepid
everything is working properly, except that Winbind keeps on
segfaulting. I believe it is related to the fact that we have users and
groups who do NOT have the RFC2307 fields filled. This specific bug was
fixed in Samba 3.2.4 (and I've filed a bug at Ubuntu for it).

Since Ubuntu is currently not shipping a samba 3.2.4 package I took the
package sources from Debian unstable and recompiled those on Intrepid.
Since the samba-3.2.3 package from Ubuntu had been synched with Debian I
doubt that this is much of a problem.

So just to be clear about this, I'm comparing the Ubuntu
2:3.2.3-1ubuntu3 package to the Debian 2:3.2.4-1 package.

You will find my smb.conf attached below.
Kind regards,

Jelmer Jaarsma



My smb.conf:

[global]
        workgroup = KA
        realm = KA.SARA.NL
        server string = %h server (Samba, Ubuntu)
        security = ADS
        map to guest = Bad User
        obey pam restrictions = Yes
        disable netbios = yes
        passdb backend = tdbsam
        pam password change = Yes
        use kerberos keytab = Yes
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        usershare allow guests = Yes
        panic action = /usr/share/samba/panic-action %d
        idmap backend = ad
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        winbind nss info = rfc2307
        winbind offline logon = true
        winbind refresh tickets = true
        winbind expand groups = 10
        auth methods = winbind
        log level = 0 winbind:5
        debug class = yes
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkkSxyAACgkQ3bV1+S5veEiMeQCeOgM+uE92U2VU8zoTO6bnBWQ3
IYMAoJNL5F/Vbnf5BTSFa76JpvSfOp11
=cB+a
-----END PGP SIGNATURE-----