FreeBSD 7.2 domain member problem
in [Samba]
|
From: Ivo Karabojkov on 12 Nov 2009 10:20 Sorry I don't know what caused everyone to lose interest in my previous post... What may be the reason for the error: winbindd/idmap.c:idmap_init_passdb_domain(438) Could not init passdb idmap domain I have another problem too: winbindd/winbindd_user.c:winbindd_fill_pwent(97) error getting user id for sid S-1-5.......... I tried adding passdb backend=tdbsam in my smb.conf but no result at all. Do I have to use LDAP backend for IDMAP? Is there something with idmap:rid? Any help or advice would be appreciated! -- View this message in context: http://old.nabble.com/FreeBSD-7.2-domain-member-problem-tp26204285p26289538.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Dale Schroeder on 12 Nov 2009 12:40 Ivo Karabojkov wrote: > Sorry I don't know what caused everyone to lose interest in my previous > post... > > What may be the reason for the error: > > winbindd/idmap.c:idmap_init_passdb_domain(438) > Could not init passdb idmap domain > > I have another problem too: > winbindd/winbindd_user.c:winbindd_fill_pwent(97) > error getting user id for sid S-1-5.......... > > I tried adding passdb backend=tdbsam in my smb.conf but no result at all. > Do I have to use LDAP backend for IDMAP? Is there something with idmap:rid? > > Any help or advice would be appreciated! > From your smb.conf, the "idmap backend" that you have commented out is the correct one. Try changing that, then see if there is any improvement. http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2606608 http://groups.google.com/group/mailing.unix.samba/browse_thread/thread/48cc0808ab6fee08 #idmap backend = idmap_rid:DOMAIN=10000-100000000 [*this is the correct one*] idmap backend = rid # ldap ssl = no idmap uid = 10000-100000000 idmap gid = 10000-100000000 allow trusted domains = No winbind enum users = yes winbind enum groups = yes # winbind refresh tickets = Yes winbind nested groups = No <http://groups.google.com/group/mailing.unix.samba/browse_thread/thread/48cc0808ab6fee08> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Ivo Karabojkov on 14 Nov 2009 10:10 Thank you very much for your reply! I commented the correct line in my tries to get this working. I have partial success WITHOUT idmap backend, with following smb.conf: [global] netbios name = SERVER workgroup = DOMAIN realm = DOMAIN.LOCAL server string = Samba Server security = ADS username map = /etc/samba/smbusers log level = 1 syslog = 0 log file = /var/log/samba/%m max log size = 50 # printcap name = CUPS ldap ssl = no idmap uid = 10000-20000 idmap gid = 10000-20000 # template primary group = "Domain Users" // seems no longer supported template shell = /sbin/nologin # winbind separator = + // backslash is OK for me # printing = cups hosts allow = 192.168.1. 10.1.55. 127.0.0.1 interfaces = localhost, nfe0 bind interfaces only = Yes [pub] comment = Public path = /var/samba/pub guest ok = No browseable = Yes I can join the AD, see users with wbinfo -u and I can not find the users with getent passwd! I can still chown a folder stating "DOMAIN\user or group" and in ls -l owner:group is displayed OK. When I add: idmap backend = idmap_rid:DOMAIN=10000-100000000 I get the warning: [2009/11/12 23:17:45, 1] winbindd/idmap.c:parse_idmap_module(244) idmap_init: idmap backend uses deprecated 'idmap_' prefix. Please replace 'idmap_rid:DOMAIN=10000-100000000' by 'rid:DOMAIN=10000-100000000' Now I see only uid/gid for previously chowned directory, no users with getent ... Changing the syntax according to message changes nothing. winbindd log shows something like: [2009/11/12 23:19:20, 1] winbindd/winbindd_group.c:getgrgid_recv(1015) could not convert gid 10005 to sid I have my partial success back commenting the idmap backend. I still can't see all domain users / groups neither with getent nor pw usershow -a -- View this message in context: http://old.nabble.com/FreeBSD-7.2-domain-member-problem-tp26204285p26326852.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Ivo Karabojkov on 14 Nov 2009 16:40
Sorry for my triple answer, the message was rejected by the mailing list last few days and I tried to resend it over and over again. -- View this message in context: http://old.nabble.com/FreeBSD-7.2-domain-member-problem-tp26204285p26354107.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba |