On 22/05/2012 22:17, Newman, John W wrote: > Well.. I'm not really sure what that is (I inherited this project). In > smb.conf all he has here is: idmap uid = 10000-20000 idmap > gid=10000-20000 .... I don't see idmap backend = set at all in here. That is > probably a big part of the problem isn't it? If you have to keep a consistent uid and gid mapping (not really needed, unless you use NFS, I think), use another idmap backend. I used RID that applies a simple formula to the SID to obtain uid and gid consistent across all the clients accessing an NFS server.
>> Are nsswitch.conf and PAM configured for authentication? > For what kind of authentication? /etc/nsswitch and /etc/pam/* are untouched > from the defaults. Edit /etc/nsswitch.conf to include winbind as data source for both passwd and group info. Once you've done this, you'll be able to use AD names as standard *nix names, and the reverse mapping will automatically happen (like when doing an "ls -l"). If you don't do that, you'll keep getting "unknown group". PS: I prefer to keep "normalize names", that makes AD names lowercase and replaces spaces with underscores. This is my winbind-related part of smb.conf: # Big dir -- I must disable enums. If your dir is small, enable 'em! winbind enum users = No winbind enum groups = No # Allow logon even if network isn't available winbind offline logon = Yes # Deep-resolve groups (heavy and slow!) winbind nested groups = Yes # *nix-friendly names winbind normalize names = Yes winbind refresh tickets = Yes winbind use default domain = yes winbind uid = 10000-99999 winbind gid = 10000-99999 idmap domains = PERSONALE STUDENTI idmap config PERSONALE:backend = rid idmap config PERSONALE:base_rid = 500 idmap config PERSONALE:range = 100000 - 49999999 idmap config STUDENTI:backend = rid idmap config STUDENTI:base_rid = 500 idmap config STUDENTI:range = 50000000 - 99999999 BYtE, Diego. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba