Ivo Karabojkov wrote:
I was totally unable to get idmap_rid working! So I am using the default
IDMAP backend - tdb.
Not good if you need that the same user receives the same UID on
different machines.
The problem with not working pw user / group show -a or getent passwd /
group was that nss_winbind.so was not where it supposed to. To correct this
I used:
ln -s /usr/local/lib/nss_winbind.so.1 /usr/lib/
ln -s /usr/local/lib/nss_winbind.so.1 /usr/lib/nss_winbind.so.2
That's really ugly and shouldn't be needed on ANY distro. And it seems
you're looking for troubles (.1 and .2 IIRC have different ABI).
Now all my users and groups are visible with pw or getent!
rid backend would give predictable sid <-> uid/gid mapping, with this
solution mapping changes every time server is joined to AD domain. But I
failed setting it up - it seems idmap_rid does not map anything...
If someone may help with better solution I will be grateful.
In my config I map users in two domains to different UID/GID values with
the following config:
winbind uid = 100000-100000000
winbind gid = 100000-100000000
idmap config DOM1:backend = rid
idmap config DOM1:base_rid = 500
idmap config DOM1:range = 100000 - 49999999
idmap config DOM2:backend = rid
idmap config DOM2:base_rid = 500
idmap config DOM2:range = 50000000 - 99999999
Maybe you need just:
winbind uid = 100000-100000000
winbind gid = 100000-100000000
idmap config backend = rid
And be sure to "testparm -v" any changes to smb.conf
--
Diego Zuccato
Servizi Informatici
Dip. di Astronomia - Università di Bologna
Via Ranzani, 1 - 40126 Bologna - Italy
tel.: +39 051 20 95786
mail: diego.zucc...@unibo.it
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
