Hi,

I'm having some problems in the following situation:

- a SLES9 PDC (Samba/OpenLDAP)
- an IBM NAS500 Gateway, supposed to be a storage with SMB features, but Samba is far better than that.

I've got Samba 3.0.23 working, and I can see my LDAP users/groups (through the AIX native LDAP client -- I mean, the "id" command returns every user found in the base).

However, I'm not able to assign new permissions to my folders, since I get this error:

    create_canon_ace_lists: unable to map SID S-1-5-21-112207604-471413004-518595180-18138 to uid or gid.

I was told that I needed to use winbindd, and that really worked (thanks Idra), BUT, that raises another problem: since I have to specify idmap ranges for uid/gid, I lost my unique uid stored in the LDAP base.

I've tried to use idmap "backend = ldap:ldap://myserver", but I still have to specify those ranges, otherwise I get this error:

    [2006/08/09 10:49:59, 0] nsswitch/winbindd_util.c:winbindd_param_init(787)
      winbindd: idmap uid range missing or invalid
    [2006/08/09 10:49:59, 0] nsswitch/winbindd_util.c:winbindd_param_init(788)
      winbindd: cannot continue, exiting.
    [2006/08/09 10:49:59, 1] nsswitch/winbindd.c:main(986)
      Could not init idmap -- netlogon proxy only

Finally, some questions:

- Why do I still have to specify idmap ranges when using backend = ldap?
- Does winbindd LDAP support work with OpenLDAP?
- Has anyone been able to do something like this? I mean, using a unique UID across multiple environments?

Thanks!

Carlos Eduardo Pedroza Santiviago
2006-Aug-09 17:22 UTC
[Samba] Re: Samba, AIX and Winbind

[...]
> - Has anyone been able to do something like this? I mean, using a
> unique UID across multiple environments?

More on this:

    $ ldapsearch -b ou=idmap,dc=domain -x
    # extended LDIF
    #
    # LDAPv3
    # base <ou=idmap,dc=domain> with scope sub
    # filter: (objectclass=*)
    # requesting: ALL
    #

    # Idmap, DOMAIN
    dn: ou=Idmap,dc=DOMAIN
    objectClass: organizationalUnit
    objectClass: sambaUnixIdPool
    ou: Idmap
    gidNumber: 10010
    uidNumber: 10001

    # S-1-5-21-112207604-471413004-518595180-18138, Idmap, domain
    dn: sambaSID=S-1-5-21-112207604-471413004-518595180-18138,ou=Idmap,dc=domain
    objectClass: sambaIdmapEntry
    objectClass: sambaSidEntry
    uidNumber: 10000
    sambaSID: S-1-5-21-112207604-471413004-518595180-18138

As I see above, when using winbind to map SID to UID, and using LDAP as backend, it'll map every entry below ou=Idmap,dc=domain. But why doesn't it use the same uid for my user?