From: Ryan Whelan on 12 Aug 2010 17:40 We have Windows 2008R2 domain controllers running 2003 functional level with SFU (i think thats what its called, im not the windows admin :p ) . With Winbind 3.0.33 (on Redhat 5.5) I can get the UIDs/GIDs from AD without issue using: idmap config DOMAIN:backend = ad idmap config DOMAIN:default = yes idmap config DOMAIN:schema_mode = rfc2307 idmap config DOMAIN:range = 10000 - 30000 winbind nss info = rfc2307 However, with winbind/samba 3.3 and 3.5 (i've tried both) i just can't get the NSS info to be retrieved. With above config, it doesn't work. i've tried the idmap adex plugin and i get the same results. The current config is lifted right from the idmap_adex man page: idmap backend = adex idmap uid = 10000-30000 idmap gid = 10000-30000 winbind nss info = adex winbind normalize names = yes # winbind nss info = rfc2307 # winbind nss info = sfu (neither of these work) With this config, i can get all the user names and SIDs from AD. `wbinfo -u` will print all the domain user names, and `wbinfo -n administrator` will return the SID. However, `wbinfo -i administrator` returns "Could not get info for user administrator" as does `id administrator` (i have 'default domain' set to 'true') Everything works if i let samba assign UIDs. What am i missing? It doesn't look like there is much info on the adex plugin. i can't find much other than the usage in the man page. I'm not sure what all info would be helpful to include as im not sure im even trying the right config/plugins. If i missed the how-to on this, please point me in the correct direction. Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
|
Pages: 1 Prev: Samba idmap against ad Next: [Samba] How to change the home shared name |