On Tue, 2013-07-23 at 10:15 +0200, steve wrote: [SNIP]
> > +1 > sssd just works: there is plain English documentation available and you > get rfc2307 out of the box. The same day;) > > otoh, if you must stick with winbind there are reports of success here. > Just one more thought to bugzilla it. > Winbind just works if you configure it properly. There is also plain English documentation available for winbind as well. The problem is that Matthew either did not read it or did not follow it. From "man idmap_ad" The writeable default config is also needed in order to be able to create group mappings. This catch-all default idmap configuration should have a range that is disjoint from any explicitly configured domain with idmap backend ad. This is where Matthew went wrong, it's right there in the man page (unlike three years ago). There are also a large smattering of posts from myself on this list over the last two years on how important it is not to have overlapping ranges for the local allocatable range. If you do it simply does not work. It's probably still not working for him because he needs to clear the now poluted cache/database that winbind has created from previous attempts. Using net cache flush might work. Personally I would stop samba delete the tdb files and start it again, redo the domain join and try it. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba