Hullo, After having my Samba server joined to a domain, I'm now having difficulties configuring winbind. I want to use the idmap_rid backend, and have recompiled Samba from scratch with the requisite rid.so module. However, no matter how "idmap domains / idmap config" is set up, it seems to get totally ignored. Here is my smb.conf: [global] workgroup = DEPARTMENTDOMAIN server string = NAS Samba Server Version %v log file = /var/log/samba/log.%m max log size = 50 security = ads realm = DEPARTMENTDOMAIN use kerberos keytab = true load printers = no local master = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 smb ports = 445 disable netbios = yes idmap domains = ORGUSERDOMAIN # Winbind RID idmap config ORGUSERDOMAIN: backend = rid idmap config ORGUSERDOMAIN: base_rid = 1000 idmap config ORGUSERDOMAIN: range = 10000-20000 Here is output from winbind: [ 7677]: lookupsid bleh get_cache: Setting MS-RPC methods for domain ORGUSERDOMAIN rpc: query_user sid=bleh error getting user info for sid bleh query_user returned an error Could not query domain ORGUSERDOMAIN SID bleh Thanks in advance, Naadir Jeewa
Naadir Jeewa wrote:> Hullo, > > After having my Samba server joined to a domain, I'm now having > difficulties configuring winbind. I want to use the idmap_rid backend, > and have recompiled Samba from scratch with the requisite rid.so module. > > However, no matter how "idmap domains / idmap config" is set up, it > seems to get totally ignored. Here is my smb.conf: > > [global] > > workgroup = DEPARTMENTDOMAIN > > server string = NAS Samba Server Version %v > > log file = /var/log/samba/log.%m > max log size = 50 > > security = ads > realm = DEPARTMENTDOMAIN > use kerberos keytab = true > > load printers = no > local master = yes > > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > > smb ports = 445 > disable netbios = yes > > idmap domains = ORGUSERDOMAIN > > # Winbind RID > idmap config ORGUSERDOMAIN: backend = rid > idmap config ORGUSERDOMAIN: base_rid = 1000 > idmap config ORGUSERDOMAIN: range = 10000-20000 > > > Here is output from winbind: > > [ 7677]: lookupsid bleh > get_cache: Setting MS-RPC methods for domain ORGUSERDOMAIN > rpc: query_user sid=bleh > error getting user info for sid bleh > query_user returned an error > Could not query domain ORGUSERDOMAIN SID bleh > > > Thanks in advance, > > Naadir Jeewa >Try setting your base_rid to 513.
Doug VanLeuven
2008-Apr-03 22:11 UTC
[Samba] Winbind ignores idmap configuration (3.0.28a)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Naadir Jeewa wrote: | Hullo, | | After having my Samba server joined to a domain, I'm now having | difficulties configuring winbind. I want to use the idmap_rid backend, | and have recompiled Samba from scratch with the requisite rid.so module. | | However, no matter how "idmap domains / idmap config" is set up, it | seems to get totally ignored. Here is my smb.conf: | | [global] | | workgroup = DEPARTMENTDOMAIN | | server string = NAS Samba Server Version %v | | log file = /var/log/samba/log.%m | max log size = 50 | | security = ads | realm = DEPARTMENTDOMAIN Unless you munged this for the list, it should be the REALM which is (at least in windows) usually the DNS domain. If you set it to the workgroup name, that would be a reason it can't find the DC. Regards, Doug -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFH9VX7FqWysr/jOHMRAt0qAJ9JXPCuyhblrhzcgGnCP6L4NSlNCQCffbMm +1gShQrurnUegKX7gZ25N9U=97G2 -----END PGP SIGNATURE-----