On 11 June 2015 at 23:18, buhorojo <buhorojo.lcb at gmail.com> wrote:> The idmap db will only be consulted if the object does not have either a > uidNumber or gidNumber attribute. The easiest way to stop the pain is to: > 1. make sure that your users have the two attributes > 2. remove the idmap line in smb.conf > 3. kill winbindd > 4. consult nss information directly from your unique ad database using sssdThank you. I wish I could use sssd - unfortunately it no longer starts up now I'm using rfc2307 and have "ldap_id_mapping = False" in sssd.conf (I've asked on the sssd mailing list what's up with that...) I wish I could just use algorithmic RID mapping on a DC, instead of needing to add rfc2307 attributes to all my users, argh! Thanks :) J -- "If we knew what it was we were doing, it would not be called research, would it?" - Albert Einstein
On 12/06/15 01:34, Jonathan Hunter wrote:> On 11 June 2015 at 23:18, buhorojo <buhorojo.lcb at gmail.com> wrote: >> p >> 3. kill winbindd >> 4. consult nss information directly from your unique ad database using sssd > Thank you. I wish I could use sssd - unfortunately it no longer startsThat's easy to fix. Send the output to the sssd list: sssd -i -d4 or send it here;)
Thanks buhorojo. The sssd list came up trumps here. When changing ID mappings, the sssd database must be manually removed (rm /var/lib/sss/db/*). I now have sssd working again :) I shall keep an eye on the mappings during the day today.. On 12 June 2015 at 07:36, buhorojo <buhorojo.lcb at gmail.com> wrote:> On 12/06/15 01:34, Jonathan Hunter wrote: >> >> On 11 June 2015 at 23:18, buhorojo <buhorojo.lcb at gmail.com> wrote: >>> >>> p >>> 3. kill winbindd >>> 4. consult nss information directly from your unique ad database using >>> sssd >> >> Thank you. I wish I could use sssd - unfortunately it no longer starts > > > That's easy to fix. Send the output to the sssd list: > sssd -i -d4 > > or send it here;) > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba-- "If we knew what it was we were doing, it would not be called research, would it?" - Albert Einstein