Hi all!
I finally found partial but satisfying decision of my problem with FreeBSD
7.2 AD member problem, posted early on this list. I was unable to get
idmap_rid working and now I am using idmap_tdb backend.
My problem is: when AD server (Windows 2003, only one server) is restarted
parts of IDMappings are lost and not restored until Samba is restarted.
After restart SIDs are mapped to exacts UIDs and GIDs, so my ACLs are not
messed up. But I think it is difficult to restart Samba server every time
Windows restarts.
When problem (restart) occurs I find following messages in my logs:
[2009/11/22 17:51:02, 1] winbindd/winbindd_ads.c:lookup_groupmem(1137)
lsa_lookupsids call failed with NT_STATUS_PIPE_BROKEN - retrying...
[2009/11/22 17:51:02, 0] lib/util_sock.c:write_data(1139)
write_data: write failure. Error = Broken pipe
[2009/11/22 17:51:02, 0] rpc_client/cli_pipe.c:rpc_api_pipe(930)
rpc_api_pipe: write_data returned Broken pipe
Here is my smb.conf
[global]
netbios name = SMBERVER
workgroup = DOMAIN
realm = DOMAIN.LOCAL
server string = Samba Server
security = ADS
log level = 1
syslog = 0
log file = /var/log/samba/log.%m
max log size = 500
password server = 192.168.1.10
winbind enum users = Yes
winbind enum groups = Yes
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /var/spool/vacation/DOMAIN
template shell = /sbin/nologin
winbind separator = _ # FreeBSD pw has some issues with /,\ or + signs
case sensitive = No
hosts allow = 192.168.1. 10.1.55. 127.0.0.1
interfaces = localhost, nfe0
bind interfaces only = Yes
I'm looking forward any advice
Thanks in advance,
Ivo
--
View this message in context:
http://old.nabble.com/Samba-3.3.9-IDMAP-problem-tp26466387p26466387.html
Sent from the Samba - General mailing list archive at Nabble.com.
