MailLists
2005-Jan-31 20:49 UTC
[Samba] How to support idmap_rid on Fedora Core 3?- RESOLVED
Resolved: I was not able to compile then make install and have work so I ended up using the FC3 packages and adding only the freshly compiled idmap_rid module. Thanks for the help. Brian Hoover MailLists wrote:> John, sorry I did not mean to reply directly, I hate MS-Outlook! > > John H Terpstra wrote: >> On Sunday 30 January 2005 09:17, MailLists wrote: >>> Hello, >>> >>> Please forgive me if this has been discussed, I did not find any >>> references when I searched. >>> >>> I'm trying to replace a W2K server with a samba member server in a >>> single ADS domain. >>> >>> It seems that the Fedora rpms do not support idmap_rid so I am >>> trying to compile from the Fedora SRPM. After following the docs >>> for building and configuring idmap_rid I get no ADS users from >>> `getent passwd`. wbinfo -u returns the user list without the >>> DOMAIN\ prefix. >>> >>> When I try to connect to the samba share I am confronted with an >>> auth box that I have not been able to satisfy. >>> >>> /var/log/samba/winbindd includes: >>> idmap_init: using 'idmap_rid' as remote backend >>> >>> Can anyone help? >> >> As one of the arguments to the 'configure' command add: >> >> --with-shared-modules=idmap_rid \ >> >> Then rebuild. Make sure you add the idmap_rid module to the >> /usr/lib/samba/idmap directory. >> >> - John T. >> > > I compiled with: > ./configure --with-shared-modules=idmap_rid --with-ads --with-pam > --with-pam_smbpass --with-logbasedir=/var/log/samba > > Then created the dir: > /usr/lib/samba/idmap > > then added the symlink: > /usr/lib/samba/idmap/idmap_rid.so -> > /usr/local/samba/lib/idmap/idmap_rid.so > > Restarted the daemons - nmbd then winbond then smbd But getent passwd > still gives no ADS users. > > Brian > >>> >>> Thanks, >>> Brian Hoover >>> >>> /*/*/*/*/* smb.conf /*/*/*/*/*/* >>> [global] >>> unix charset = LOCALE >>> workgroup = VIDAR >>> realm = VIDAR.CORP >>> server string = BIS05 >>> security = ADS >>> allow trusted domains = No >>> log level = 10 >>> syslog = 0 >>> log file = /var/log/samba/%m >>> max log size = 50 >>> ldap ssl = no >>> idmap backend = idmap_rid:VIDAR=10000-20000 >>> idmap uid = 10000-20000 >>> idmap gid = 10000-20000 >>> template shell = /bin/bash >>> winbind enum users = No >>> winbind enum groups = No >>> winbind use default domain = Yes >>> winbind nested groups = Yes >>> >>> [users] >>> comment = User Folders >>> path = /smb/users >>> admin users = root, 'Domain Admins' >>> read only = No >>> guest ok = Yes >>> >>> /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/* >>> >>> /*/*/*/*/* config.log SNIPPED /*/*/*/*/*/* >>> >>> $ ./configure --with-shared-modules=idmap_rid --with-ads --with-pam >>> --with_pamsmbpass >>> >>> #define HAVE_LDAP 1 >>> #define HAVE_KRB5 1 >>> >>> /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/* >>> >>> /*/*/*/*/* nsswitch.conf /*/*/*/*/*/* >>> >>> passwd: files winbind >>> shadow: files winbind >>> group: files winbind >>> >>> hosts: files dns wins >>> >>> >>> bootparams: nisplus [NOTFOUND=return] files >>> >>> ethers: files >>> netmasks: files >>> networks: files >>> protocols: files >>> rpc: files >>> services: files >>> >>> netgroup: files >>> >>> publickey: nisplus >>> >>> automount: files >>> aliases: files nisplus >>> >>> /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/* >>> >>> /*/*/*/*/* nsswitch.conf /*/*/*/*/*/* >>> >>> #%PAM-1.0 >>> auth required /lib/security/$ISA/pam_env.so >>> auth sufficient /lib/security/$ISA/pam_unix.so likeauth >>> nullok auth sufficient /lib/security/$ISA/pam_winbind.so >>> use_first_pass auth required >>> /lib/security/$ISA/pam_deny.so >>> >>> account required /lib/security/$ISA/pam_unix.so >>> account sufficient /lib/security/$ISA/pam_winbind.so >>> use_first_pass >>> >>> password required /lib/security/$ISA/pam_cracklib.so retry=3 >>> type= # Note: The above line is complete. There is nothing following >>> the '=' password sufficient /lib/security/$ISA/pam_unix.so \ >>> nullok use_authtok md5 >>> shadow password sufficient /lib/security/$ISA/pam_winbind.so >>> use_first_pass password required >>> /lib/security/$ISA/pam_deny.so >>> >>> session required /lib/security/$ISA/pam_limits.so >>> session sufficient /lib/security/$ISA/pam_unix.so >>> session sufficient /lib/security/$ISA/pam_winbind.so >>> use_first_pass >>> >>> /*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/* >> >> -- >> John H Terpstra >> Samba-Team Member >> Phone: +1 (650) 580-8668 >> >> Author: >> The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 >> Samba-3 by Example, ISBN: 0131472216 >> Hardening Linux, ISBN: 0072254971 >> Other books in production.
Reasonably Related Threads
Wisdom of the Ancients
