hi, i have a question about winbind, idmap_rid and trusted domains. at sambaxp jerry said it's possible to have idmap_rid working with trusted domains. this is what we would like to have here. smbd -b doesn't show this compile option on 3.0.14a rpm (SuSE). may be this is normal, but how do i ensure that this option is in my binary w/ testing too much :) or how can i compile it myself? will this work only on samba >3.0.14a or with all samba versions that are shipped with idmap_rid support? thx for your help in advance! cheerz -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137
ok, one step further:
idmap backend = idmap_rid:DOMA=10000-20000,TRUSTDOMB=20001-30000
idmap uid = 10000-30000
idmap gid = 10000-30000
winbind enum users = no
winbind enum groups = no
template shell = /bin/bash
allow trusted domains = no
winbind trusted domains only =no
winbind use default domain = yes
id user (from DOMA) gives a UIDNumber (according to idmap range).
id TRUSTDOMB\user gives
[ 978]: sid to uid S-1-5-21-3912345646-894196617-3681078760-4070
rid_idmap_get_id_from_sid: no suitable range available for sid:
S-1-5-21-3912345646-894196617-3681078760-4070
???
i think the compile time option -DIdmap_rid_support_trusted_domains is
still missing, but how to find this out or how to enable it?
thx!
Michael Gasch wrote:> hi,
>
> i have a question about winbind, idmap_rid and trusted domains. at
> sambaxp jerry said it's possible to have idmap_rid working with trusted
> domains. this is what we would like to have here.
>
> smbd -b doesn't show this compile option on 3.0.14a rpm (SuSE). may be
> this is normal, but how do i ensure that this option is in my binary w/
> testing too much :) or how can i compile it myself? will this work only
> on samba >3.0.14a or with all samba versions that are shipped with
> idmap_rid support?
>
> thx for your help in advance!
> cheerz
>
--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany
Phone: 49 (0)341 - 3550 137
Hi Michael, On Wed, Oct 26, 2005 at 04:21:15PM +0200, Michael Gasch wrote:> hi, > > i have a question about winbind, idmap_rid and trusted domains. at > sambaxp jerry said it's possible to have idmap_rid working with trusted > domains. this is what we would like to have here.Please, please, please just experiment with that when you exactly know what you are doing.> smbd -b doesn't show this compile option on 3.0.14a rpm (SuSE). may be > this is normal, but how do i ensure that this option is in my binary w/ > testing too much :) or how can i compile it myself? will this work only > on samba >3.0.14a or with all samba versions that are shipped with > idmap_rid support?This will work with all versions. Simply put it into the CFLAGS before compiling CFLAGS="-DIDMAP_RID_SUPPORT_TRUSTED_DOMAINS" ./configure --your-opts && make Guenther BTW: The packages available at ftp://ftp.suse.com/pub/projects/samba all have this flag set. -- G?nther Deschner GPG-ID: 8EE11688 Novell / SUSE LINUX gd@suse.de Samba Team gd@samba.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/20051026/4b02232d/attachment.bin