
[Samba] Samba 4, winbind and Active Directory integration Microsoft Windows Services for UNIX


Markert, Martin
Feb 27, 2015, 9:05:34 AM
Hi,
I've successfully configured idmap_rid to read id mappings from our AD servers:

winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
winbind offline logon = false
idmap config *:backend = rid
idmap config *:range = 50000-99999
idmap config *:schema_mode = rfc2307

But when I configure idmap_ad I'm not able to get the uidNumber and gidNumber from the AD servers:

winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
winbind offline logon = false
idmap config ARRI:backend = ad
idmap config ARRI:range = 1000-999999
idmap config ARRI:schema_mode = rfc2307

[root@supermdc ~]# id schafha
uid=4294967295 gid=4294967295 groups=4294967295

This user "schafha" actually has a uidNumber 10000 and gidNumber 10000. Changing "idmap config ARRI" to "idmap config *" does not help:

[root@supermdc ~]# id schafha
id: markert1: No such user

Setup:
AD: Windows Server 2008 RC2 with Windows Services for UNIX
AD member: CentOS 6.6, sernet-samba-4.1.14-9

Please note: not all users and groups listed in AD have a uidNumber and gidNumber. Is this a problem?

Kind regards,
Martin


Martin Markert
Systems Integrator

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Markert, Martin
Feb 27, 2015, 9:11:20 AM

Rowland Penny
Feb 27, 2015, 9:17:59 AM

OK, try this:

idmap config * : backend = tdb
idmap config * : range = 2000-9999

idmap config ARRI : backend = ad
idmap config ARRI : schema_mode = rfc2307
idmap config ARRI : range = 10000-99999

also are you using sssd on the AD member ?

Rowland

Markert, Martin
Feb 27, 2015, 9:30:00 AM

On 27.02.2015 at 15:17, Rowland Penny <rowlan...@googlemail.com> wrote:

Thank you for your answer, Rowland.
I've changed the configuration but it doesn't help:

[root@supermdc ~]# id schafha
id: schafha: No such user

[root@supermdc ~]# winbindd -i -d9
...
accepted socket 21
[19077]: request interface version
[19077]: request location of privileged pipe
accepted socket 23
closing socket 21, client exited
getpwnam schafha
Could not convert sid S-1-5-21-1085031214-682003330-725345543-5934: NT_STATUS_NONE_MAPPED
closing socket 23, client exited

>
> also are you using sssd on the AD member ?

No, I've configured smb.conf, krb5.conf, nsswitch.conf, system-auth-ac. That's it.

Martin

Rowland Penny
Feb 27, 2015, 9:48:54 AM

Does 'getent passwd schafha' show anything ?

has 'Domain Users' got a 'gidNumber' ?

Markert, Martin
Feb 27, 2015, 10:00:17 AM

On 27.02.2015 at 15:48, Rowland Penny <rowlan...@googlemail.com> wrote:

No, it shows nothing.

idmap_ad:
[root@supermdc ~]# getent passwd schafha
[root@supermdc ~]# getent passwd schafha

Idmap_rid:
[root@supermdc ~]# getent passwd schafha
schafha:*:15934:10513:Schafhauser, Florian:/home/ARRI/schafha:/bin/false

> has 'Domain Users' got a 'gidNumber' ?

No, it does not have a gidNumber.

Rowland Penny
Feb 27, 2015, 10:07:18 AM

ok, 'Domain Users' not having a 'gidNumber' could well be your problem :-)

Try giving 'Domain Users' a 'gidNumber' with ADUC and then try 'getent
passwd schafha' again.
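As an added diagnostic (not from this thread or from Samba itself), the script below performs the checks that decide whether winbind's idmap_ad backend in rfc2307 schema mode can resolve a user: the user needs a uidNumber and gidNumber, both inside the configured idmap range (10000-99999 from the config suggested above), and the user's primary group (found via primaryGroupID matched against the group's SID RID) needs a gidNumber as well. The LDIF input is a constructed ldapsearch-style extract; the DNs, the "testuser" entry and the SIDs shown as plain text (real ldapsearch output base64-encodes objectSid) are assumptions for the example.

```python
import re
# Constructed sample in ldapsearch -LLL style (objectSid shown as text; real output base64-encodes it).
SAMPLE_LDIF = """\
dn: CN=Florian Schafhauser,OU=Users,DC=arri,DC=example
sAMAccountName: schafha
objectSid: S-1-5-21-1085031214-682003330-725345543-5934
primaryGroupID: 513
uidNumber: 10000
gidNumber: 10000

dn: CN=Domain Users,CN=Users,DC=arri,DC=example
sAMAccountName: Domain Users
objectSid: S-1-5-21-1085031214-682003330-725345543-513
groupType: -2147483646

dn: CN=Test User,OU=Users,DC=arri,DC=example
sAMAccountName: testuser
objectSid: S-1-5-21-1085031214-682003330-725345543-6001
primaryGroupID: 513
uidNumber: 999
"""

def parse_ldif(text):
    # Minimal LDIF reader: entries separated by blank lines, "attr: value" per line.
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(":")[::2] for line in block.splitlines() if ":" in line)
        entries.append({k.strip(): v.strip() for k, v in pairs})
    return entries
def check_idmap_ad(ldif_text, id_range=(10000, 99999)):
    # {sAMAccountName: [problems]}; empty list = idmap_ad (rfc2307) can map the user.
    entries = parse_ldif(ldif_text)
    rid = lambda e: int(e["objectSid"].rsplit("-", 1)[1])  # trailing RID of the SID
    groups = {rid(e): e for e in entries if "groupType" in e}
    lo, hi = id_range
    report = {}
    for user in (e for e in entries if "primaryGroupID" in e):
        problems = []
        for attr in ("uidNumber", "gidNumber"):
            if attr not in user:
                problems.append("user has no " + attr)
            elif not lo <= int(user[attr]) <= hi:
                problems.append(f"{attr} {user[attr]} outside idmap range {lo}-{hi}")
        # winbind also has to map the primary group's SID, so that group needs a gidNumber too
        grp = groups.get(int(user["primaryGroupID"]))
        if grp is None or "gidNumber" not in grp:
            problems.append(f"primary group RID {user['primaryGroupID']} has no gidNumber")
        report[user["sAMAccountName"]] = problems
    return report
```

Running it on the sample flags schafha only for the missing Domain Users gidNumber, which is exactly the state the thread describes before ADUC was used to add one.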

Markert, Martin
Feb 27, 2015, 10:40:13 AM

Ahh, okay! I will give it a try. Our domain administrator has to add this. After that I will report.

Thank you, Rowland.

Markert, Martin
Feb 27, 2015, 11:25:46 AM

Here we go:

[root@supermdc ~]# getent passwd schafha
schafha:*:10000:11111:Schafhauser, Florian:/home/ARRI/schafha:/bin/false

It's working.

Thank you for your help.