On 01/15/2012 12:35 PM, Jakov Sosic wrote:
Hi!
I am using mainly Samba 3.5 on CentOS, and I was very pleased with
idmap_rid backend for SID-to-RID mappings.
But on Solaris 10, I can only use 3.6 because OpenCSW ships only 3.6.
Problem is, things are changed and are not working as expected...
Here is my config on RHEL Samba 3.5:
[global]
workgroup = WINDOMAIN
realm = WINDOMAIN.LOCAL
server string = localserver (Samba ver. %v)
security = ADS
allow trusted domains = No
password server = someserver.windomain.local
log file = /var/log/samba/log.%m
load printers = No
local master = No
domain master = No
idmap backend = idmap_rid:WINDOMAIN=10000-49999
idmap uid = 10000-49999
idmap gid = 10000-49999
winbind use default domain = Yes
cups options = raw
And it works like a charm. On a version 3.6:
[global]
workgroup = WINDOMAIN
realm = WINDOMAIN.LOCAL
server string = localserver (Samba ver. %v)
security = ADS
allow trusted domains = No
username map = /etc/opt/csw/samba/smbusers
syslog = 0
log file = /var/opt/csw/samba/log/%m.log
max log size = 500
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
load printers = No
local master = No
domain master = No
winbind use default domain = Yes
idmap config * : range = 10000-49999
idmap config * : backend = rid : WINDOMAIN=10000-49999
Now, on a 3.6 I have the following problem:
# net ads testjoin
Join is OK
# net rpc testjoin
Join to 'WINDOMAIN' is OK
# net getlocalsid
SID for domain LOCALSERVER is: S-1-5-21-1414315435-1886595200-1013317001
# wbinfo -u | grep jakov.sosic
jakov.sosic
# wbinfo -i jakov.sosic
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user jakov.sosic
Where am I wrong? Why can't I get rid mappings for domain users?
Jakov,
That looks similar to what Robert LeBlanc posted with Samba Bug 8676
(Debian Bug 652679). Compare his findings to what you see.
https://bugzilla.samba.org/show_bug.cgi?id=8676
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652679
On my test systems using RID, I see similar, but not identical symptoms
to his HASH backend. For me, a reboot will restore connectivity until I
need to restart Samba or winbind. Then nothing but another reboot will
get winbind working again.
Dale
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba