Hey all
I'm currently trying to use squid and winbind to filter internet access
based on groups in a Windows 2000 Active Directory domain. I'm running Mandrake
10.1 Community and samba 3.0.10 installed from rpm.
Following the directions in the samba manual for setting up winbind I have:
- configured nsswitch.conf
- checked to see if the libnss_winbind.so library is there
- checked to see if the symbolic link was there
- added relevant lines to the smb.conf as described in the manual
- Joined domain successfully
I can use wbinfo to check the shared secret and get a listing of users and
groups from the domain. But when I use getent passwd and getent groups it only
shows local users and groups on the Linux machine and not those from the Windows
domain as well. Is there a command I have to use to synchronise users and groups
so I can get a unified listing on the Linux box?
********************************************
My Smb.conf
[Global]
Workgroup = MYDOMAIN
netbiosname = squidtest
security = DOMAIN
# Domain Stuff
winbind separator = \
idmap uid = 30000-40000
idmap gid = 30000-40000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/MYDOMAIN/%U
winbind use default domain = yes
obey pam restrictions = yes
password server = MYPASSWORDSERVER
encrypt passwords = yes
[Share 1]
path = /home/jim
comment = Jim's Home Folder
public = yes
**********************************************
Also, this appears in my /var/log/samba/log.winbindd log every time I start
samba/winbind.
[2006/02/10 11:06:35, 1] nsswitch/winbindd.c:main(864)
winbindd version 3.0.10 started.
Copyright The Samba Team 2000-2004
[2006/02/10 11:06:35, 0] nsswitch/winbindd_util.c:winbindd_param_init(560)
winbindd: idmap uid range missing or invalid
[2006/02/10 11:06:35, 0] nsswitch/winbindd_util.c:winbindd_param_init(561)
winbindd: cannot continue, exiting.
[2006/02/10 11:06:35, 1] nsswitch/winbindd.c:main(897)
Could not init idmap -- netlogon proxy only
I have also noted that from messing about with wbinfo switches I can get
listings of groups for a particular user on the domain. I then remove that user
from one of the groups they belong to on the domain controller and run the same
command again and it doesn't show a different list of groups. I am confused as
this must mean it's looking at user and group data locally on the Linux box as it
shows old data, but when I run getent passwd and getent group it still comes back
with only the Linux users and groups.
Are there any configuration options I have not set up in my smb.conf or am I
missing something else?
Thanks in advance
James
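
Added example, not part of the original post and not Samba's own parser: smb.conf(5) states that a line ending in a backslash is continued on the next line, and this small checker applies a simplified model of that rule to the [Global] lines quoted in the post to show what happens to the idmap uid setting. The function names and the checks are assumptions made for illustration.

```python
import re

# Constructed sample: a subset of the [Global] lines from the post, verbatim.
SAMPLE = r"""[Global]
Workgroup = MYDOMAIN
security = DOMAIN
# Domain Stuff
winbind separator = \
idmap uid = 30000-40000
idmap gid = 30000-40000
winbind enum users = yes
"""

def logical_lines(text):
    """Join physical lines: a line ending in '\\' continues on the next one."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]          # drop the backslash, keep reading
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf

def parse_global(text):
    """Return {normalised name: value} for every 'name = value' line."""
    params = {}
    for line in logical_lines(text):
        if not line or line[0] in "#;[":
            continue                  # blank, comment or section header
        name, sep, value = line.partition("=")
        if sep:
            # Names are compared case-insensitively with whitespace ignored.
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def audit(text):
    """List the problems this simplified model finds in the configuration."""
    params, problems = parse_global(text), []
    for key in ("idmapuid", "idmapgid"):
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", params.get(key, ""))
        if not m or int(m.group(1)) > int(m.group(2)):
            problems.append(f"{key}: range missing or invalid")
    for key, value in params.items():
        if "=" in value:
            problems.append(f"{key}: value swallowed a following line: {value!r}")
    return problems
```

Calling audit(SAMPLE) reports idmapuid as missing and shows the winbind separator value holding the text of the idmap uid line, which matches the "idmap uid range missing or invalid" entry in the quoted log.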