> [global] > workgroup = OURWORKGROUP > netbios name = hostname > server string = Linux workstation 1 > security = ADS > log file = /var/log/samba/samba.%m > max log size = 50 > local master = no > preferred master = no > idmap uid = 10000-20000 > idmap gid = 10000-20000 > winbind enum users = yes > winbind enum groups = yes > winbind use default domain = yes > template homedir = /home/%U > template shell = /bin/bash > encrypt passwords = yes > dns proxy = no > realm = REALM.COMPANY.COM > password server = servername.company.com > wins proxy = no > allow trusted domains = no > > > > i vaguely suspect that i need something like this: > > idmap backend = idmap_rid:REALM.COMPANY.COM=10000-20000 > > ...but if i put that in, winbind completely stops working and i can't > do anything. thoughts?
Here is my Global section of our smb conf. This is running in the same envirment as yours. Our host OS is FC7 and our samba version is Version 3.0.26a-6.fc7 security = ads netbios name = hostname realm = ADDOMAIN.domain password server = ADDOMAIN.domain workgroup = ADDOMAIN idmap uid = 500-10000000 idmap gid = 500-10000000 winbind separator = + winbind enum users = yes winbind enum groups = yes winbind use default domain = yes preserve case=yes short preserve case=yes case sensitive=no template homedir = /home/shares/%D/%U template shell = /bin/bash client use spnego = yes domain master = no encrypt passwords = yes I'm not setting the idmap backend option and have no problems. I've also read a couple of places that the server string option needs to be set to your FQDN, mine is not though and it's still working. Also make sure you are syncing your time between your AD and your samba box. You will see a time drift issue if you aren't running vmtools and syncing to your esx server or some form of ntp. Your kerberos tickets will start expiring. -- -------------------- Chris Jeter Senior IT Technician The World Company 785.312.6911 -------------------- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba