I'm doing the same thing but with NT4, so I'm not using Active Directory. The only thing you haven't mentioned that I can think of is nsswitch.conf; you should have:

passwd: files winbind
group: files winbind

Getent works for me; I'm stuck with getting logons to the Solaris machine with NT usernames to work. They seem to have changed something in Solaris 9, even Sun hasn't been able to help me!

-----Original Message-----
From: ww m-pubsyssamba [mailto:[EMAIL PROTECTED]
Sent: 08 January 2004 13:45
To: Ganguly, Sapan ; [EMAIL PROTECTED]
Subject: RE: [Samba] How do I get Winbind accounts in LDAP?

Hi Sapan/All,

OK, this is all in my test/dev environment. I have a Sun Sparc workstation running Solaris 9 and an Intel server running Windows 2000 Server acting as a Native mode AD DC. My Sparc system has Samba 3.0.1 installed and is successfully joined to the AD domain; I can authenticate via Kerberos and wbinfo -u lists domain users etc.

All I need LDAP for is centralising the IDMAP mappings across our theoretical Samba server infrastructure. On the same Sparc system I also have SunONE DS 5.2 installed; this has the schema for Samba 3.0.1 successfully loaded. I have created the idmap OU in the directory and I have configured my smb.conf to use LDAP for idmap data, file attached. And I have set the LDAP admin account password with "smbpasswd -w". I have also disabled nscd from starting up and installed patch 113476-05, which is required for Solaris 9. I can also see winbindd establishing a connection to Sun LDAP in its access log.

As I was writing this mail I have noticed that a getent for users and groups is not displaying any AD users/groups but is exiting with a status 0; this is despite the fact that wbinfo is correctly displaying all my AD users/groups!? I can see from a snoop and truss run on the getent that it is making LDAP calls to the AD DC but it's not returning anything!?! I have had this running on a Solaris 8 system in my test environment successfully and can't think of anything I've done differently.

If anyone can help I'd greatly appreciate it,

many thanks

Andy.

-----Original Message-----
From: Ganguly, Sapan [mailto:[EMAIL PROTECTED]
Posted At: 07 January 2004 16:44
Posted To: Samba
Conversation: [Samba] How do I get Winbind accounts in LDAP?
Subject: RE: [Samba] How do I get Winbind accounts in LDAP?

Andy,

Tell us a bit more, I'm doing a similar thing I think. I'm not using Sun's LDAP service; I have OpenLDAP running on a Redhat 9.0 box and I'm logging into my Solaris 9.0 machine running winbind, with my NT username and password, which creates an idmap in the OpenLDAP database on the Redhat box... well, that's what it is supposed to do anyway... it works fine on Redhat, Solaris is proving to be a little more tricky.

Is this what you are doing?

-----Original Message-----
From: ww m-pubsyssamba [mailto:[EMAIL PROTECTED]
Sent: 07 January 2004 14:23
To: [EMAIL PROTECTED]
Subject: RE: [Samba] How do I get Winbind accounts in LDAP?

Hi John/List,

I'm attempting this (idmap in LDAP) with Samba 3.0.1 and Sun DS 5.2 but without any success. I've tried what John T has suggested below but my idmap OU is still empty (adapted LDAP commands for Sun DS). I cannot see any errors in either Samba or Sun DS logs; does anyone have any troubleshooting tips to help work out why this isn't working?

many thanks

Andy.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John H Terpstra
Posted At: 03 January 2004 23:54
Posted To: Samba
Conversation: [Samba] How do I get Winbind accounts in LDAP?
Subject: Re: [Samba] How do I get Winbind accounts in LDAP?

Kent,

Did you create the container for the ou=Idmap in your LDAP database? The IDMAP entries are automatically added to LDAP - IF the container exists, and so long as Samba can access that database.

Also, I suggest you store your machine accounts in the Users container and not in the Computers container. Samba does not at this time search the Computers container correctly.

Execute the following to find out if your LDAP database has an IDMAP container:

slapcat | grep -i IDMAP

If nothing is returned, execute this:

ldapadd -x -D "cn=admin,dc=tow,dc=net" -w 'password' << EOR
dn: ou=Idmap,dc=abmas,dc=biz
objectClass: organizationalunit
ou: idmap
structuralObjectClass: organizationalunit
EOR

Now you must stop samba, delete the winbind*tdb files, restart samba, run:

wbinfo -u

And that should automatically populate your LDAP IDMAP database.

Cheers,
John T.

BBCi at http://www.bbc.co.uk/

This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this.

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
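
Added example, not part of the thread or of Samba: a small shell diagnostic for the symptom described above, where wbinfo -u lists domain users but getent returns none. It checks that winbind is a source for passwd and group in an nsswitch.conf file and lists accounts present in saved "wbinfo -u" output but absent from saved "getent passwd" output. The function names, the TESTDOM domain and all sample data are constructed for illustration, and names are assumed to appear in the same form in both outputs.

```shell
#!/bin/sh
# Added example, not from the thread. Compares what winbindd knows with what
# NSS returns (the symptom: wbinfo lists users, getent shows none).

# nss_has_winbind FILE DB: succeed if "winbind" is a source for DB (passwd, group)
nss_has_winbind() {
    sed 's/#.*//' "$1" | awk -v db="$2:" '
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit !found }'
}

# missing_from_nss WBINFO_OUT GETENT_OUT: print accounts that appear in saved
# "wbinfo -u" output but not in saved "getent passwd" output
missing_from_nss() {
    names=$(mktemp) || return 1
    cut -d: -f1 "$2" | sort -u > "$names"
    sort -u "$1" | comm -23 - "$names"
    rm -f "$names"
}

# Constructed sample data (hypothetical domain TESTDOM and users)
demo=$(mktemp -d) || exit 1
trap 'rm -rf "$demo"' EXIT
cat > "$demo/nsswitch.good" <<'EOF'
passwd: files winbind   # local files first, then winbindd
group:  files winbind
hosts:  files dns
EOF
cat > "$demo/nsswitch.bad" <<'EOF'
passwd: files
# group: files winbind
group:  files
EOF
printf '%s\n' 'TESTDOM\alice' 'TESTDOM\bob' > "$demo/wbinfo.out"
cat > "$demo/getent.out" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
TESTDOM\alice:x:10000:10000::/home/alice:/bin/sh
EOF

for f in "$demo/nsswitch.good" "$demo/nsswitch.bad"; do
    for db in passwd group; do
        if nss_has_winbind "$f" "$db"; then echo "$f: $db uses winbind"
        else echo "$f: $db does NOT use winbind"; fi
    done
done
echo "known to winbindd but not returned by NSS:"
missing_from_nss "$demo/wbinfo.out" "$demo/getent.out"
```

On a live system, save the output of wbinfo -u and getent passwd to files and pass them to missing_from_nss, and point nss_has_winbind at /etc/nsswitch.conf.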