Re: [Samba] IDMAP RID problems and documentation

Wed, 19 Dec 2007 08:35:53 -0800 

Plant, Dean, on 12/19/2007 8:58 AM, said the following:

John wrote:

Hello List,

After upgrading to 3.0.25b (Also tried 3.0.28) I tried to make use of
the new syntax for IDMAP. But I failed, Also there is a lack on
documentation how to us it. (Yes there is a man, but it contains
limited explanation and examples).

What do I want?  What (I think a lot of people wants)
I have two samba domain members and a Windows 2003 DC without R2 /
SFU shema extension. So I want make use of the RID facility.
Same GID/ UID mappings on all samba servers in the domain, with
support of BUILTIN groups, and without installing schema extensions
 on the DC. I assume that RID was designed for this scenario
Can anyone assist me and everyone on list struggling with the same
problems, how to proper configure SAMBA for this scenario?

Old syntax works, but lack support for BUILT-IN groups, and gives
following complaints in syslog
Module '/usr/lib/samba/idmap/rid.so' initialization failed:
NT_STATUS_OBJECT_NAME_COLLISION
and:
lib/util_str.c:safe_strcpy_fn(659)
Dec 19 13:12:47 s-0009 winbindd[5454]:   ERROR: string overflow by 1
(256 - 255) in safe_strcpy [ERROR: string overflow by 1 (256 - 255)
in safe_strcpy [Added timed event "async_request_timeout": 8843878



I have just fixed one of our Samba servers this morning after an the
upgrade from CentOS 5 -> 5.1 broke winbind resolution.

The below winbind config worked for me.


I'm curious - what exactly CHANGED (or, what did you have to change)?


[global]
   workgroup = COMM
        server string = Samba Server
        log file = /var/log/samba/%m.log
        max log size = 50
        dns proxy = No
        cups options = raw

   password server = amachine.us.domain.co.uk
   realm = US.DOMAIN.CO.UK
   security = ads
# OLD IDMAP settings
#   idmap uid = 16777216-33554431
#   idmap gid = 16777216-33554431
#   idmap backend = rid:"US=16777216-33554431"
# NEW IDMAP settings
   idmap domains = US
   idmap config US: default = yes
   idmap config US: backend = rid
   idmap config US: range = 16777216-33554431
   idmap alloc config: range = 16777216-33554431

   template shell = /sbin/nologin
   winbind use default domain = yes
   allow trusted domains = no
   host msdfs = no
   winbind enum users = no
   winbind enum groups = no
   wins server = 192.168.1.10

Hope this helps

Dean



--

Best regards,

Charles Marcus
I.T. Director
Media Brokers International
678.514.6200 x224
678.514.6299 fax
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Reply via email to