Hi!

I am using mainly Samba 3.5 on CentOS, and I was very pleased with
idmap_rid backend for SID-to-RID mappings.

But on Solaris 10, I can only use 3.6 because OpenCSW ships only 3.6.
Problem is, things are changed and are not working as expected...

Here is my config on RHEL Samba 3.5:

    [global]
    workgroup = WINDOMAIN
    realm = WINDOMAIN.LOCAL
    server string = localserver (Samba ver. %v)
    security = ADS
    allow trusted domains = No
    password server = someserver.windomain.local
    log file = /var/log/samba/log.%m
    load printers = No
    local master = No
    domain master = No
    idmap backend = idmap_rid:WINDOMAIN=10000-49999
    idmap uid = 10000-49999
    idmap gid = 10000-49999
    winbind use default domain = Yes
    cups options = raw

And it works like a charm. On a version 3.6:

    [global]
    workgroup = WINDOMAIN
    realm = WINDOMAIN.LOCAL
    server string = localserver (Samba ver. %v)
    security = ADS
    allow trusted domains = No
    username map = /etc/opt/csw/samba/smbusers
    syslog = 0
    log file = /var/opt/csw/samba/log/%m.log
    max log size = 500
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    load printers = No
    local master = No
    domain master = No
    winbind use default domain = Yes
    idmap config * : range = 10000-49999
    idmap config * : backend = rid : WINDOMAIN=10000-49999

Now, on a 3.6 I have the following problem:

    # net ads testjoin
    Join is OK

    # net rpc testjoin
    Join to 'WINDOMAIN' is OK

    # net getlocalsid
    SID for domain LOCALSERVER is: S-1-5-21-1414315435-1886595200-1013317001

    # wbinfo -u | grep jakov.sosic
    jakov.sosic

    # wbinfo -i jakov.sosic
    failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
    Could not get info for user jakov.sosic

Where am I wrong? Why can't I get rid mappings for domain users?

-- 
Jakov Sosic
www.srce.unizg.hr

On 01/15/2012 12:35 PM, Jakov Sosic wrote:
> # wbinfo -i jakov.sosic
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user jakov.sosic
>
> Where am I wrong? Why can't I get rid mappings for domain users?

Jakov,

That looks similar to what Robert LeBlanc posted with Samba Bug 8676
(Debian Bug 652679). Compare his findings to what you see.

https://bugzilla.samba.org/show_bug.cgi?id=8676
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652679

On my test systems using RID, I see similar, but not identical symptoms
to his HASH backend. For me, a reboot will restore connectivity until I
need to restart Samba or winbind. Then nothing but another reboot will
get winbind working again.

Dale

Ever since the upgrade to 3.6, wbinfo -u working but wbinfo -i hitting
WBC_ERR_DOMAIN_NOT_FOUND has been a headache; it seems winbind always fails
to get the domain info for an individual idmap the VERY FIRST TIME you start
it after upgrading or joining a domain. Most of the time I manage to solve it
by using:

<smb.conf>
    idmap config * : range = 10000-20000
    idmap config * : backend = tdb
    idmap config MYDOMAIN : default = yes
    idmap config MYDOMAIN : range = 100000-200000
    idmap config MYDOMAIN : backend = rid
<smb.conf>

If the above snippet doesn't work, try your luck with changing the
"idmap config *" options back to old-style "idmap uid/gid = ...." +
"idmap backend = tdb" while keeping your domain-specific options new-style;
that ought to solve it.

My observation is, it's like you have to give winbind/idmap a kick start, and
once you get wbinfo -i working, you can again change back to "idmap config *"
(otherwise testparm will complain).

Regards
-David
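
The difference between the failing 3.6 config and the layout in David's reply (tdb on the default "*" domain, rid in a per-domain section with its own range) can be checked mechanically. The following is an added example and not part of any message in the thread: the helper name lint_idmap and its rules are assumptions drawn from the two configs quoted above plus the smb.conf requirement that idmap ranges not overlap, and it is not Samba's own validation (testparm).

```python
import re

# Constructed from the idmap lines of the two 3.6 configs quoted in the thread.
FAILING = """[global]
idmap config * : range = 10000-49999
idmap config * : backend = rid : WINDOMAIN=10000-49999
"""
WORKING = """[global]
idmap config * : range = 10000-20000
idmap config * : backend = tdb
idmap config MYDOMAIN : default = yes
idmap config MYDOMAIN : range = 100000-200000
idmap config MYDOMAIN : backend = rid
"""
IDMAP_KEY = re.compile(r"idmap config\s+(\S+)\s*:\s*(\S+)", re.I)

def lint_idmap(conf_text):  # hypothetical helper name
    """Return findings for the idmap settings in smb.conf text."""
    domains, findings, ranges = {}, [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in ("idmap uid", "idmap gid", "idmap backend"):
            findings.append(f"old-style option '{key}'")
        m = IDMAP_KEY.fullmatch(key)
        if m:
            domains.setdefault(m.group(1), {})[m.group(2).lower()] = value
    for dom, opts in domains.items():
        backend = opts.get("backend", "")
        if not re.fullmatch(r"\w+", backend):
            findings.append(f"{dom}: missing or malformed backend '{backend}'")
        if dom == "*" and backend.split()[:1] == ["rid"]:
            findings.append("*: rid backend on the default domain")
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", opts.get("range", ""))
        if m:
            ranges.append((int(m.group(1)), int(m.group(2)), dom))
        else:
            findings.append(f"{dom}: missing or malformed range")
    ranges.sort()
    for (_, hi1, d1), (lo2, _, d2) in zip(ranges, ranges[1:]):
        if lo2 <= hi1:
            findings.append(f"ranges of {d1} and {d2} overlap")
    return findings

if __name__ == "__main__":
    for name, conf in (("failing", FAILING), ("working", WORKING)):
        print(name, lint_idmap(conf))
```

Overlapping ranges are worth flagging on their own: two SIDs that resolve to the same Unix uid or gid share file ownership and access on the host.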