From: Ryan Whelan on
We have Windows 2008R2 domain controllers running 2003 functional level with
SFU (i think thats what its called, im not the windows admin :p ) . With
Winbind 3.0.33 (on Redhat 5.5) I can get the UIDs/GIDs from AD without issue
using:

idmap config DOMAIN:backend = ad
idmap config DOMAIN:default = yes
idmap config DOMAIN:schema_mode = rfc2307
idmap config DOMAIN:range = 10000 - 30000
winbind nss info = rfc2307

However, with winbind/samba 3.3 and 3.5 (i've tried both) i just can't get
the NSS info to be retrieved. With above config, it doesn't work. i've
tried the idmap adex plugin and i get the same results. The current config
is lifted right from the idmap_adex man page:

idmap backend = adex
idmap uid = 10000-30000
idmap gid = 10000-30000
winbind nss info = adex
winbind normalize names = yes

# winbind nss info = rfc2307
# winbind nss info = sfu
(neither of these work)

With this config, i can get all the user names and SIDs from AD. `wbinfo -u`
will print all the domain user names, and `wbinfo -n administrator` will
return the SID. However, `wbinfo -i administrator` returns "Could not get
info for user administrator" as does `id administrator` (i have 'default
domain' set to 'true')

Everything works if i let samba assign UIDs.

What am i missing? It doesn't look like there is much info on the adex
plugin. i can't find much other than the usage in the man page.

I'm not sure what all info would be helpful to include as im not sure im
even trying the right config/plugins. If i missed the how-to on this,
please point me in the correct direction.

Thanks!
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba