Dear list,
i had some problems with "net sam provision" using samba 3.4.0
I followed the instructions described on
http://wiki.samba.org/index.php/Ldapsam_Editposix and those published by iX
4-6/2008 (www.ix.de)
but the result of "net sam provision" was always :
# bin/net sam provision
Checking for Domain Users group.
Adding the Domain Users group.
Unable to allocate a new gid to create Domain Users group!
Checking for Domain Admins group.
Adding the Domain Admins group.
Unable to allocate a new gid to create Domain Admins group!
Check for Administrator account.
Adding the Administrator user.
Can't create Administrator user, Domain Admins group not available!
The "only configuration" which is working under 3.4.0 regarding "net sam
provision" seems to be :
[global]
workgroup = MYDOM
netbios name =
passdb backend = ldapsam:ldap://yoda.home.lan
ldap admin dn = cn=ldapadm,o=it,dc=home,dc=lan
ldap suffix = o=it,dc=home,dc=lan
ldap ssl = no
idmap alloc backend = ldap
idmap uid = 10000-19999
idmap gid = 10000-19999
idmap config MYDOM : range = 20000-29999
idmap config MYDOM : backend = ldap
idmap alloc config:ldap_url = ldap://yoda.home.lan
idmap alloc config:ldap_user_dn = cn=ldapadm,o=it,dc=home,dc=lan
idmap alloc config:ldap_base_dn = o=it,dc=home,dc=lan
ldapsam:editposix = yes
ldapsam:trusted = yes
If I omit
idmap uid =
idmap gid =
I obtain the error message mentioned above.
The only info I get about that problem is from :
Michael Adam (Samba Team, SerNet): ID Mapping Re-Revisited (sambaxp.org)
"idmap domains" seem to be obsolete. testparm always complains about :
Unknown parameter encountered: "idmap domains"
Ignoring unknown parameter "idmap domains"
Honestly I don't understand the difference between "idmap alloc backend = " and
"idmap backend = "
idmap alloc backend (G)
The idmap alloc backend provides a plugin interface for Winbind to use when
allocating Unix uids/gids for Windows SIDs.
This option is to be used in conjunction with the idmap domains parameter and
refers to the name of the idmap module which will provide the id allocation
functionality.
idmap backend (G)
The idmap backend provides a plugin interface for Winbind to use varying
backends to store SID/uid/gid mapping
tables. This option is mutually exclusive with the newer and more flexible
idmap domains parameter. The main
difference between the "idmap backend" and the "idmap domains" is that the
former only allows one backend for all
domains while the latter supports configuring backends on a per domain basis.
Quite confusing for people like me ...
kind regards,
Jan
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
