On Wed, 2003-07-02 at 21:14, Andrey Nepomnyaschih wrote: > Well, no luck for me. > > Can you specify the whole requirements for this to work. > > ... > passdb backend = ldapsam:ldap://localhost/ > ldap suffix = > ldap admin dn = > > Idmap backend = ldap:ldap://localhost/ > ... > > Should I enable ldap trust ids too?
I don't think it changes this issue. You do need to delete the winbindd_idmap.tdb to remove the previous cache. And you need the ldap suffix, ldap admin dn specified. Andrew Bartlett > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Andrew Bartlett > Sent: Wednesday, July 02, 2003 1:40 PM > To: Andrey Nepomnyaschih > Cc: [EMAIL PROTECTED]; 'Andrew Bartlett' > Subject: RE: [Samba] RID numbers > > > On Wed, 2003-07-02 at 19:18, Andrey Nepomnyaschih wrote: > > Hello Andrew, > > > > Well I've got the samba 3.0beta2 and it seems that Samba stills > > expects RID to be as (uidNumber * 2 + 1000). > > > > I'll try decribe the situation maybe the problem lies somewhere else. > > > > I have an Administrator account with uidNumber of 0. And whenever I > > set its RID to 500 (default from NT world) there's no way to add > > workstations to domain with the Administrator account. On the opposite > > > side when I set RID to 1000 (0 * 2 + 1000) it works fine. So I assume > > that samba doesn't use the mapping between uidNumber from posixAccount > > > and sambaSID from sambaSamAccount, when checks whether the account has > > > root access. > > > > Can you clarify this thing to me? > > In order to use arbitary rids in LDAP, you *must* use 'idmap backed = > ldap:ldap://localhost' (as appropriate for your setup). > > I will see how this can be best automated/documented to avoid future > confusion. > > Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba