[Samba] "net sam provision" and samba 3.4.0
in [Samba]
|
From: Zeller, Jan on 6 Sep 2009 15:30 Dear list, i had some problems with "net sam provision" using samba 3.4.0 I followed the instructions described on http://wiki.samba.org/index.php/Ldapsam_Editposix and those published by iX 4-6/2008 (www.ix.de) but the result of "net sam provision" was always : # bin/net sam provision Checking for Domain Users group. Adding the Domain Users group. Unable to allocate a new gid to create Domain Users group! Checking for Domain Admins group. Adding the Domain Admins group. Unable to allocate a new gid to create Domain Admins group! Check for Administrator account. Adding the Administrator user. Can't create Administrator user, Domain Admins group not available! The "only configuration" which is working under 3.4.0 regarding "net sam provision" seems to be : [global] workgroup = MYDOM netbios name = passdb backend = ldapsam:ldap://yoda.home.lan ldap admin dn = cn=ldapadm,o=it,dc=home,dc=lan ldap suffix = o=it,dc=home,dc=lan ldap ssl = no idmap alloc backend = ldap idmap uid = 10000-19999 idmap gid = 10000-19999 idmap config MYDOM : range = 20000-29999 idmap config MYDOM : backend = ldap idmap alloc config:ldap_url = ldap://yoda.home.lan idmap alloc config:ldap_user_dn = cn=ldapadm,o=it,dc=home,dc=lan idmap alloc config:ldap_base_dn = o=it,dc=home,dc=lan ldapsam:editposix = yes ldapsam:trusted = yes If I omit idmap uid = idmap gid = I obtain the error message mentioned above. The only info I get about that problem is from : Michael Adam (Samba Team, SerNet): ID Mapping Re-Revisited (sambaxp.org) "idmap domains" seem to be obsolete. testparm always complains about : Unknown parameter encountered: "idmap domains" Ignoring unknown parameter "idmap domains" Honestly I don't understand the difference between "idmap alloc backend = " and "idmap backend = " idmap alloc backend (G) The idmap alloc backend provides a plugin interface for Winbind to use when allocating Unix uids/gids for Windows SIDs. This option is to be used in conjunction with the idmap domains parameter and refers to the name of the idmap module which will provide the id allocation functionality. idmap backend (G) The idmap backend provides a plugin interface for Winbind to use varying backends to store SID/uid/gid mapping tables. This option is mutually exclusive with the newer and more flexible idmap domains parameter. The main difference between the "idmap backend" and the "idmap domains" is that the former only allows one backend for all domains while the latter supports configuring backends on a per domain basis. Quite confusing for people like me ... kind regards, Jan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
|
Pages: 1 Prev: [Samba] NT_STATUS_BAD_NETWORK_NAME Next: "net sam provision" and samba 3.4.0 |