On Wed, 2013-06-05 at 13:30 +0100, Rowland Penny wrote:
> Hi, I gave up on winbind, it is just too complicated and most, if not all,
> of the webpages I found via google are incomplete or just downright wrong.
>

It's actually dead simple, and these days the manual page is actually
accurate. Really if you cannot get it working you cannot read.

Now assuming that the BECAUSE domain actually has the uidNumber field
populated, a working configuration would be (this was taken from a
working configuration and modified to change the domain).

    # deal with NSS and the whole UID/SID id mapping stuff
    idmap config * : backend = tdb
    idmap config * : range = 2000000 - 2999999
    idmap config BECAUSE : backend = ad
    idmap config BECAUSE : schema_mode = rfc2307
    idmap config BECAUSE : readonly = yes
    idmap config BECAUSE : range = 500 - 1999999
    idmap cache time = 604800
    idmap negative cache time = 20
    winbind cache time = 600
    winbind nss info = rfc2307
    winbind expand groups = 2
    winbind nested groups = yes
    winbind use default domain = yes
    winbind enum users = yes
    winbind enum groups = yes
    winbind refresh tickets = yes
    winbind offline logon = false

Noting of course that you must have a valid join to the domain, that
winbind is running, that nscd is *NOT* running and you have an
appropriate /etc/nsswitch.conf

You might also have badly messed up tdb files from previous experiments.
I would recommend nuking them from orbit and starting afresh.

JAB.

-- 
Jonathan A. Buzzard                 Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.
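
Added example, not part of the original message: a small offline check of two things the reply depends on, namely that the per-domain idmap ranges do not overlap (overlapping ranges can give two different accounts the same UID) and that /etc/nsswitch.conf lists winbind. The nsswitch.conf fragment and all function names are assumptions made for illustration.

```python
import re

# Constructed sample input: idmap lines as in the message above; the
# nsswitch.conf fragment is assumed (the message does not show one).
SMB_CONF = """\
idmap config * : backend = tdb
idmap config * : range = 2000000 - 2999999
idmap config BECAUSE : backend = ad
idmap config BECAUSE : range = 500 - 1999999
"""
NSSWITCH = "passwd: compat winbind\ngroup: compat winbind\nshadow: compat\n"

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*([\w ]+?)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(text):
    """Return {domain: {option: value}} from 'idmap config DOM : opt = val' lines."""
    domains = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("#", ";")):  # skip smb.conf comment lines
            continue
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom.upper(), {})[opt.lower()] = val
    return domains

def check_ranges(domains):
    """Report missing, malformed, or overlapping ID ranges between domains."""
    problems, spans = [], []
    for dom, opts in domains.items():
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", opts.get("range", ""))
        if not m or int(m[1]) > int(m[2]):
            problems.append(f"{dom}: missing or malformed range")
            continue
        spans.append((int(m[1]), int(m[2]), dom))
    spans.sort()  # sorted by start, any overlap shows up between neighbours
    for (_, hi1, d1), (lo2, _, d2) in zip(spans, spans[1:]):
        if lo2 <= hi1:
            problems.append(f"{d1} and {d2}: ranges overlap")
    return problems

def nss_uses_winbind(text, database):
    """True if the nsswitch.conf line for `database` lists winbind as a source."""
    for line in text.splitlines():
        name, _, sources = line.split("#", 1)[0].partition(":")
        if name.strip() == database:
            return "winbind" in sources.split()
    return False
```

On a real host the same functions can be fed the contents of smb.conf and /etc/nsswitch.conf; they do not replace testparm, which validates the full configuration.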