Re: [Samba] Samba 3.6 problems with idmap rid

Sun, 15 Jan 2012 11:00:22 -0800 

On 01/15/2012 12:35 PM, Jakov Sosic wrote:

Hi!

I am using mainly Samba 3.5 on CentOS, and I was very pleased with
idmap_rid backend for SID-to-RID mappings.

But on Solaris 10, I can only use 3.6 because OpenCSW ships only 3.6.
Problem is, things are changed and are not working as expected...

Here is my config on RHEL Samba 3.5:

[global]
         workgroup = WINDOMAIN
         realm = WINDOMAIN.LOCAL
         server string = localserver (Samba ver. %v)
         security = ADS
         allow trusted domains = No
         password server = someserver.windomain.local
         log file = /var/log/samba/log.%m
         load printers = No
         local master = No
         domain master = No
         idmap backend = idmap_rid:WINDOMAIN=10000-49999
         idmap uid = 10000-49999
         idmap gid = 10000-49999
         winbind use default domain = Yes
         cups options = raw



And it works like a charm. On a version 3.6:

[global]
         workgroup = WINDOMAIN
         realm = WINDOMAIN.LOCAL
         server string = localserver (Samba ver. %v)
         security = ADS
         allow trusted domains = No
         username map = /etc/opt/csw/samba/smbusers
         syslog = 0
         log file = /var/opt/csw/samba/log/%m.log
         max log size = 500
         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
         load printers = No
         local master = No
         domain master = No
         winbind use default domain = Yes
         idmap config * : range = 10000-49999
         idmap config * : backend = rid : WINDOMAIN=10000-49999


Now, on a 3.6 I have the following problem:

# net ads testjoin
Join is OK

# net rpc testjoin
Join to 'WINDOMAIN' is OK

# net getlocalsid
SID for domain LOCALSERVER is: S-1-5-21-1414315435-1886595200-1013317001

# wbinfo -u | grep jakov.sosic
jakov.sosic

# wbinfo -i jakov.sosic
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user jakov.sosic


Where am I wrong? Why can't I get rid mappings for domain users?


Jakov,
That looks similar to what Robert LeBlanc posted with Samba Bug 8676 (Debian Bug 652679). Compare his findings to what you see. 

https://bugzilla.samba.org/show_bug.cgi?id=8676
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652679
On my test systems using RID, I see similar, but not identical symptoms to his HASH backend. For me, a reboot will restore connectivity until I need to restart Samba or winbind. Then nothing but another reboot will get winbind working again. 

Dale
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Reply via email to