thr3ads.net - samba - [Samba] Re: [Solved] Re: idmap_ad: sid to uid conversion fails [Sep 2004]

If this information is useful, please help other people find it:
Share via:

Luke Howard

2004-Sep-23 05:30 UTC

[Samba] Re: [Solved] Re: idmap_ad: sid to uid conversion fails

>It's probably worth noting that for users who are
>adding idmap_ad over an existing winbind setup, the
>old mapping has to be deleted as above.
Thanks, I'll put this in the README for the next version.

regards,

-- Luke

--

S Murthy Kambhampaty

2004-Sep-28 19:21 UTC

head link

[Samba] idmap_ad requires kinit of machine acccount?

On an FC2 test server running samba-3.0.7-2.FC2 and
with idmap_ad, if I start winbind "normally" idmap_ad
fails, but if I first kinit the machine account,
idmap_ad works fine.

Without idmap_ad in smb.conf, winbind is fine.

This problem appears not to occur with samba-3.0.5
(build from source tarball, running RedHat 8.0).  I
will try with samba-3.0.7-1 from samba.org on FC2 as I
get a chance, but I was wondering if anyone had any
clues as to what the problem may be.  I have attached
a little more infor in the postscript.

Thanks,
   Murthy

PS:

Usage 1:
[root@compa4 /]# net ads testjoin
Join is OK
[root@compa4 /]# klist
klist: No credentials cache found (ticket cache
FILE:/tmp/krb5cc_0)

Restart winbind; "getent passwd" only gives local
users
logifile contains:
[2004/09/28 14:54:22, 1] nsswitch/winbindd.c:main(854)
  winbindd version 3.0.7-2.FC2 started.
  Copyright The Samba Team 2000-2004
[2004/09/28 14:54:22, 1]
libsmb/clikrb5.c:ads_krb5_mk_req(313)
  krb5_cc_get_principal failed (No credentials cache
found)
[2004/09/28 14:54:22, 1] idmap_ad.c:ad_idmap_init(43)
  ad_idmap_init: failed to connect to AD
[2004/09/28 14:54:23, 1]
libsmb/clikrb5.c:ads_krb5_mk_req(313)
  krb5_cc_get_principal failed (No credentials cache
found)


Usage 2:
kinit <host name>

Restart winbind; getent passwd gives local as well as
domain users

[2004/09/28 14:58:24, 1] nsswitch/winbindd.c:main(854)
  winbindd version 3.0.7-2.FC2 started.
  Copyright The Samba Team 2000-2004
[2004/09/28 14:58:24, 1]
libsmb/clikrb5.c:ads_krb5_mk_req(313)
  krb5_cc_get_principal failed (No credentials cache
found)
[2004/09/28 14:58:27, 1]
idmap_ad.c:ad_idmap_get_id_from_sid(214)
  ad_idmap_get_id_from_sid mapped SID <> to POSIX UID
<>

  
  
Usage 3:
delete idmap backend ... from smb.conf
# kdestroy
Restart winbind, getent passwd gives local as well as
domain users; generates no messages beyond:
[2004/09/28 15:17:11, 1] nsswitch/winbindd.c:main(854)
  winbindd version 3.0.7-2.FC2 started.
  Copyright The Samba Team 2000-2004
[2004/09/28 15:17:11, 1]
libsmb/clikrb5.c:ads_krb5_mk_req(313)
  krb5_cc_get_principal failed (No credentials cache found)


		
__________________________________
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail

Seemingly Similar Threads

Search for more apparently analagous threads

samba - Sep 2004 - Re: [Solved] Re: idmap_ad: sid to uid conversion fails

[Samba] Re: [Solved] Re: idmap_ad: sid to uid conversion fails

[Samba] idmap_ad requires kinit of machine acccount?

Seemingly Similar Threads