Re: [Samba] winbind confused about the DC's

2010-01-28 Thread Timo Aaltonen 

On Thu, 28 Jan 2010, Timo Aaltonen wrote:



Hi

 Problems with wbinfo this time. With -u/-g/-n it works, but -i doesn't. The 
log.winbindd-idmap is filled with this:


More verbose part of the log where it goes wrong:

[2010/01/28 13:29:52, 10] winbindd/winbindd_cm.c:479(set_domain_online_request)
 set_domain_online_request: called for domain AALTO
[2010/01/28 13:29:52, 10] winbindd/winbindd_cm.c:508(set_domain_online_request)
 set_domain_online_request: domain AALTO was globally offline.
[2010/01/28 13:29:52, 10] lib/events.c:287(s3_event_debug)  s3_event:
 Added timed event check_domain_online_handler: 0x25635b0
[2010/01/28 13:29:52, 10] lib/events.c:148(get_timed_events_timeout)
 timed_events_timeout: 4/54
[2010/01/28 13:29:52,  4] winbindd/winbindd_dual.c:1452(fork_domain_child)
 child daemon request 51
[2010/01/28 13:29:52, 10] winbindd/winbindd_dual.c:452(child_process_request)
 child_process_request: request fn DUAL_SID2UID
[2010/01/28 13:29:52,  3] winbindd/winbindd_idmap.c:293(winbindd_dual_sid2uid)  
[26144]:
 sid to uid S-1-5-21-2413826791-1553473826-2432194272-1265
[2010/01/28 13:29:52, 10] winbindd/idmap_util.c:157(idmap_sid_to_uid)
 idmap_sid_to_uid: sid = [S-1-5-21-2413826791-1553473826-2432194272-1265], 
domain = ''
[2010/01/28 13:29:52, 10] winbindd/idmap.c:765(idmap_backends_sid_to_unixid)
 idmap_backends_sid_to_unixid: domain = '', sid = 
[S-1-5-21-2413826791-1553473826-2432194272-1265]
[2010/01/28 13:29:52, 10] winbindd/idmap.c:465(idmap_find_domain)
 idmap_find_domain called for domain ''

I've tried to debug it by setting the breakpoint at winbindd_dual_sid2uid, 
but couldn't make anything of the backtrace.


Suggestions?

--
Timo Aaltonen
Systems Specialist
IT Services, Aalto University School of Science and Technology
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] winbind confused about the DC's

2010-01-28 Thread Timo Aaltonen 

On Thu, 28 Jan 2010, Timo Aaltonen wrote:


On Thu, 28 Jan 2010, Timo Aaltonen wrote:



Hi

 Problems with wbinfo this time. With -u/-g/-n it works, but -i doesn't. 
The log.winbindd-idmap is filled with this:


More verbose part of the log where it goes wrong:


Bollocks. I had to change the config, this works:

[global]
  workgroup = AALTO
  realm = ORG.AALTO.FI
  security = ADS
  kerberos method = system keytab
  idmap config AALTO : backend = ad
  idmap config AALTO : readonly = yes
  idmap config AALTO : schema_mode = rfc2307
  idmap config AALTO : range = 1000-40
  idmap uid = 1000-40
  idmap gid = 1000-40
  winbind nss info = rfc2307
  winbind use default domain = yes
  winbind enum users = yes
  winbind enum groups = yes
  winbind offline logon = true
  winbind cache time = 5
  winbind refresh tickets = true

A summary of the changes:

- idmap backend = ad - idmap config AALTO : backend = ad
- add range  idmap uid/gid
(- added winbind offline/cache/refresh, but they are irrelevant here)

Without setting the range the uid would be mapped to the default value 
(which I asked about last fall).



--
Timo Aaltonen
Systems Specialist
IT Services, Aalto University School of Science and Technology
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba