On Thu, 28 Jan 2010, Timo Aaltonen wrote:
On Thu, 28 Jan 2010, Timo Aaltonen wrote:
Hi
Problems with wbinfo this time. With -u/-g/-n it works, but -i doesn't.
The log.winbindd-idmap is filled with this:
More verbose part of the log where it goes wrong:
Bollocks. I had to change the config, this works:
[global]
workgroup = AALTO
realm = ORG.AALTO.FI
security = ADS
kerberos method = system keytab
idmap config AALTO : backend = ad
idmap config AALTO : readonly = yes
idmap config AALTO : schema_mode = rfc2307
idmap config AALTO : range = 1000-4000000000
idmap uid = 1000-4000000000
idmap gid = 1000-4000000000
winbind nss info = rfc2307
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind offline logon = true
winbind cache time = 5
winbind refresh tickets = true
A summary of the changes:
- idmap backend = ad -> idmap config AALTO : backend = ad
- add range & idmap uid/gid
(- added winbind offline/cache/refresh, but they are irrelevant here)
Without setting the range the uid would be mapped to the default value
(which I asked about last fall).
--
Timo Aaltonen
Systems Specialist
IT Services, Aalto University School of Science and Technology
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
