I've had the problem with various versions of 3.3.x - most recently 3.3.8 and 3.3.12. I have an older machine running 3.2.8 which works fine using essentially an identical smb.conf file.
My smb.conf file also has the idmap entries for each trusted domain, with non-overlapping id ranges. I did see the manual mapping option in wbinfo, but we have a fairly dynamic user base, so manual configuration didn't seem viable. Thanks for your help though! Hopefully someone can tell us both how to get the automatic mapping working... - rob. On 06/23/2010 12:04 PM, Gaiseric Vandal wrote: > Which samba version? > > I had Samba 3.0.x on Solaris 10, and winbind able to allocate uids and > gids to users and groups from trusted domain (at least to Windows 2003 > domains in mixed mode.) When I switched to a Samba 3.4.x PDC the > allocation of new uids and gids broke. I suspect there is some > configuration change in smb.conf I needed to make that was not obvious > (to me) in the documenation. > > I have an ldap backend- but temporarily changing to a TDB backend > didn't help. > > I worked around this by manually allocating uids and gids. With ldap > you can do this with an ldap editor. But you can also use the wbinfo > command to manuallly create uid-to-sid or gid-to-sid mappings with ldap > or tdb backend. > > It isn't really a long term solution but fortunately account > additions/deletions are minimal where I work. > > I did have idmap entries in smb.conf for each domain I wanted to trust, > in addition to the entries you listed. > > On 06/23/2010 02:24 PM, Rob Moser wrote: > > >> I have a problem where I can't browse to a samba share from Windows >> (Server 2008); instead I get the error: >> >> The group name could not be found >> >> The winbind log contains the message: >> >> could not convert gid 507 to sid >> >> Suspecting a permissions problem, I went and looked at the files and the >> group ownership has been set to BUILTIN\guests, which is not what I >> want. So I try to chgrp them to the domain group: >> >> chgrp -R 'dss users' /file >> chgrp: invalid group `dss users' >> >> But I know that that is the domain group that I want: >> >> wbinfo -g | grep dss >> dss users >> >> wbinfo -n 'dss users' >> S-1-5-21-2129867641-1992771036-1243820751-107019 Domain Group (2) >> >> But winbind apparently cannot resolve it to a gid: >> >> wbinfo -Y S-1-5-21-2129867641-1992771036-1243820751-107019 >> Could not convert sid S-1-5-21-2129867641-1992771036-1243820751-107019 >> to gid >> >> My nsswitch.conf file does list winbind for users and groups. My >> smb.conf file contains (in part, obviously): >> >> idmap alloc backend = tdb >> idmap alloc config:range = 10000 - 4000000 >> idmap uid = 10000 - 4000000 >> idmap gid = 10000 - 4000000 >> >> winbind enum users = no >> winbind enum groups = no >> winbind nested groups = yes >> winbind use default domain = yes >> >> So it is using a default domain (the correct one; I checked) and I'm not >> just running out of gids. My various /var/log/samba/log.* files contain >> almost exactly nothing from the time of the transaction. >> >> Any help appreciated, >> >> - rob. >> >> > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba