thr3ads.net - samba - [Samba] winbind: incomplete mapping ? [Aug 2004]

If this information is useful, please help other people find it:
Share via:

samba@agat.net

2004-Aug-27 13:39 UTC

[Samba] winbind: incomplete mapping ?

I'm trying to have a linux client to identify users against a AD server
(w2k3).
I'm using ldap as winbind backend, but using files I get same errors:

On 900 users, some of them aren't fully recognised:
doing a "wbinfo -u" I see the user in the list, but a "getent
passwd user"
return nothing.
More precisery, I can get the SID of the user, but winbind is unable to give me
the uid and gid affected to this SID.



# wbinfo -n blindaue
S-1-5-21-1501247731-845480421-311576647-3923 User (1)
# wbinfo -S S-1-5-21-1501247731-845480421-311576647-3923
Could not convert sid S-1-5-21-1501247731-845480421-311576647-3923 to uid
# wbinfo -Y S-1-5-21-1501247731-845480421-311576647-3923
SID is of type User
Could not convert sid S-1-5-21-1501247731-845480421-311576647-3923 to gid

I'm using winbind 3.0.6_3 (debian build)

smb.conf:
   workgroup = IUTINFO
   server string = %h server (Samba %v)
   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 100000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   security = ads
   realm = IUTINFO.URS.LOCAL
   client signing = Yes
   server signing = Yes
   client use spnego = Yes
   use spnego = Yes
   password server = adserver.domain.com
   encrypt passwords = true
   ;passdb backend = tdbsam guest
   ;obey pam restrictions = yes
   invalid users = root
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .

   socket options = TCP_NODELAY

   winbind separator = +
   winbind use default domain = yes
   idmap backend = ldap:ldap://server.domain.com
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   ldap suffix = dc=iutinfo,dc=local
   ldap idmap suffix = ou=Idmap
   ldap admin dn = cn=admin,dc=iutinfo,dc=local
   winbind enum users = yes
   winbind enum groups = yes
   template homedir = /data/home/%U
   template shell = /bin/bash


Emmanuel

Gerald (Jerry) Carter

2004-Aug-30 14:14 UTC

head link

[Samba] winbind: incomplete mapping ?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

samba@agat.net wrote:
| I'm trying to have a linux client to identify users against a AD
server (w2k3).
| I'm using ldap as winbind backend, but using files I get same errors:
|
| On 900 users, some of them aren't fully recognised:
| doing a "wbinfo -u" I see the user in the list, but a "getent
passwd user"
| return nothing.

This should be fixed by
http://samba.org/~jerry/patches/post-3.0.6/winbind_getpwnam_v1.patch

Make sure that you run 'make proto' after applying the patch.


cheers, jerry
- ---------------------------------------------------------------------
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot
(2003)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFBMzYWIR7qMdg1EfYRAkmOAJ9bwjArjB9VUa8XkewzYv9DBiDXOwCfQwLL
zB3bj7bsVmGaIJ8eyyDONTU=nDUz
-----END PGP SIGNATURE-----

Apparently Analagous Threads

Search for more reasonably related threads

samba - Aug 2004 - winbind: incomplete mapping ?

[Samba] winbind: incomplete mapping ?

[Samba] winbind: incomplete mapping ?

Apparently Analagous Threads