Hi, I eventually managed to install and join a Samba4 server as a member in an AD environment but I have a problem with the id command. wbinfo commands work but when I launch id command with a domain user I get "user unknown". Here is my smb.conf (Took from Samba Wiki) : idmap config *:backend = tdb idmap config *:range = 70001-80000 idmap config MYDOMAINNAME:backend = ad idmap config MYDOMAINNAME:schema_mode = rfc2307 idmap config MYDOMAINNAME:range = 500-40000 winbind nss info = rfc2307 winbind trusted domains only = no winbind use default domain = yes winbind enum users = yes winbind enum groups = yes If I replace "idmap config MYDOMAINNAME:backend = ad" by "idmap config MYDOMAINNAME:backend = rid", id command works well. Why id command doesn't work with ad backend ? Thanks.
On 25/04/13 14:11, Jaymzwise Jaymzwise wrote:> Hi, > > I eventually managed to install and join a Samba4 server as a member in an > AD environment but I have a problem with the id command. > wbinfo commands work but when I launch id command with a domain user I get > "user unknown". > > Here is my smb.conf (Took from Samba Wiki) : > > idmap config *:backend = tdb > idmap config *:range = 70001-80000 > idmap config MYDOMAINNAME:backend = ad > idmap config MYDOMAINNAME:schema_mode = rfc2307 > idmap config MYDOMAINNAME:range = 500-40000 > > winbind nss info = rfc2307 > winbind trusted domains only = no > winbind use default domain = yes > winbind enum users = yes > winbind enum groups = yes > > If I replace "idmap config MYDOMAINNAME:backend = ad" by "idmap config > MYDOMAINNAME:backend = rid", id command works well. Why id command doesn't > work with ad backend ? > > Thanks.Hi, what version of samba4 did you use? reason is, before 4.0.5 winbind required the posix objectclasses posixAccount & posixGroup, these are no longer required. But having said that, forget winbind and use sssd, it is easier to use, have a look here: http://linuxcostablanca.blogspot.com.es/2013/04/sssd-in-samba-40.html Rowland -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
On Thursday, April 25, 2013 03:11:18 PM Jaymzwise Jaymzwise wrote:> Hi, > > I eventually managed to install and join a Samba4 server as a member in an > AD environment but I have a problem with the id command. > wbinfo commands work but when I launch id command with a domain user I get > "user unknown". > > Here is my smb.conf (Took from Samba Wiki) : > > idmap config *:backend = tdb > idmap config *:range = 70001-80000 > idmap config MYDOMAINNAME:backend = ad > idmap config MYDOMAINNAME:schema_mode = rfc2307 > idmap config MYDOMAINNAME:range = 500-40000 > > winbind nss info = rfc2307 > winbind trusted domains only = no > winbind use default domain = yes > winbind enum users = yes > winbind enum groups = yes > > If I replace "idmap config MYDOMAINNAME:backend = ad" by "idmap config > MYDOMAINNAME:backend = rid", id command works well. Why id command doesn't > work with ad backend ? > > Thanks.Hi, Not sure but you may doublecheck that the domain user have an uidNumber and a gidNumber. Those numbers should be in the range of your defined idmap config MYDOMAINNAME:range Some time ago I forgot the gidNumber see https://lists.samba.org/archive/samba/2013-February/171730.html -- Ali