Robert M. Martel - CSU
2008-Jul-31 13:36 UTC
[Samba] Unable to access server with IDMAP_RID in place - samba 3.2.0
Greetings, I have a number of samba servers that will need to become Active Directory (AD) member servers. The testing I've done so far with default mapping has worked just fine. I configured a server to be an AD member server, joined it to AD but was unable to access it from a client PC - I get prompted for authentication on the client which shouldn't be happening. The log file shows: [2008/07/31 09:08:19, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user CSUNET\1001362 [2008/07/31 09:08:19, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is csunet\1001362 [2008/07/31 09:08:19, 5] lib/username.c:Get_Pwnam_internals(85) Trying _Get_Pwnam(), username as given is CSUNET\1001362 [2008/07/31 09:08:19, 5] lib/username.c:Get_Pwnam_internals(104) Checking combinations of 0 uppercase letters in csunet\1001362 [2008/07/31 09:08:19, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals didn't find user [CSUNET\1001362]! [2008/07/31 09:08:19, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user 1001362 [2008/07/31 09:08:19, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is 1001362 [2008/07/31 09:08:19, 5] lib/username.c:Get_Pwnam_internals(104) Checking combinations of 0 uppercase letters in 1001362 [2008/07/31 09:08:19, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals didn't find user [1001362]! [2008/07/31 09:08:19, 1] smbd/sesssetup.c:reply_spnego_kerberos(474) Username CSUNET\1001362 is invalid on this system If I comment out the IDMAP_RID line of smb.conf, I can access the server just fine. From the documentation and yesterday's web searches it seems very simple to use IDMAP_RID - nothing to set-up, just adding the line to the smb.conf with the UID range to use. Is there a step I am missing? This is Samba 3.2.0 on Sun Solaris (Sparc) 9. The section for this from my smb.conf looks like: idmap backend = idmap_rid:CSUNET=10000-20000 idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = no winbind enum groups = no winbind use default domain = yes winbind nested groups = Yes template shell = /usr/bin/bash template homedir = /home/%U allow trusted domains = No Any ideas appreciated as I don't know where to look. -Bob -- *********************************************************************** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 r.martel@csuohio.edu -Jeff Lynne ***********************************************************************