On 11/07/12 01:57, Nick Triantos wrote:
Hi, just a thought, have you added the RFC2307 uid/gid values to your users on the AD server? if you haven't, there will be nothing to find and it may throw the error that you are getting.Thanks Robert. I've tried switching over to the AD back-end (which does sound like what I want), but I still receive only the errors: failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND I restarted both winbind and smbd after changing the config. Is there some cache I have to flush, or some other config that needs to be changed beyond the settings in smb.conf? thanks again! -Nick My updated smb.conf: workgroup = CORP security = ADS #password server = 192.168.77.251 realm = CORP.MYCOMPANY.COM allow trusted domains = yes winbind use default domain = yes winbind nested groups = YES idmap config CORP : backend = ad idmap config CORP : default = yes idmap config CORP : schema_mode = rfc2307 idmap config CORP : range = 800 - 99999 On Jul 10, 2012, at 7:27 AM, Robert Freeman-Day wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nick, I think what you may be looking for is the ad backend: https://www.samba.org/samba/docs/man/manpages-3/idmap_ad.8.html Since you are using tdb in your config, it is using a local database and allocates UID/GIDs on the fly...first come, first served. So a user may not get the same UID from one machine to the next. Robert On 07/10/2012 12:20 AM, Nick Triantos wrote:Hi, I'm trying to get an Ubuntu 12.04 system's Samba (3.6.3) and Winbind to map userids and groups to the unix attributes in an AD 2008 server. I can see that when I perform an ldapsearch, I'm able to read the attributes, and for one of my accounts, the id should be 1001. However, when I run 'wbinfo -i<username>', I get back something like 920. At one point, I was setting the idmap range to start at 900, but I've since removed that from my config, and restarted winbindd and smbd. I've also tried to 'net cache flush'. I also see wbinfo -i<someuser> usually returns: failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user <someuser> The relevant parts of my smb.conf are below. I've tried patching this together from various tuts and help pages. Any guidance would be very helpful. thanks! -Nick [global] workgroup = CORP security = ADS password server = 192.168.77.251 realm = CORP.MYCOMPANY.COM allow trusted domains = yes winbind use default domain = yes winbind nested groups = YES idmap config CORP : backend = tdb idmap config CORP : default = yes idmap config CORP : schema_mode = rfc2307 idmap config CORP : range = 1000 - 9999 idmap config * : backend = tdb encrypt passwords = true obey pam restrictions = yes client use spnego = yes client ntlmv2 auth = yes encrypt passwords = true restrict anonymous = 2 unix password sync = yes winbind enum groups = yes winbind enum users = yes winbind nss info = rfc2307- - -- ________ Robert Freeman-Day https://launchpad.net/~presgas GPG Public Key: http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36 - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk/8O4QACgkQup357T5MfTZprwCeJ7iMF7NcxUctOd7bOAFqT4ZZ AAgAoMqnWGK5E5LWZxxMxsUaVhfbil9Y =yLz3 - -----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk/8O7UACgkQup357T5MfTaCgACdHU8bg9f9cJ9+xgH6GuBchjJ+ 3iQAoLndWChQKGLDkeGGTRaCM00LwHKb =eagU -----END PGP SIGNATURE-----
Rowland -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Linux] [Info Cyrus] [LARTC] [Bugtraq] [Netfilter] [Internet Dating Forums] [RAID] [Yosemite News] [Photography]
|
|