John wrote: > Hello List, > > After upgrading to 3.0.25b (Also tried 3.0.28) I tried to make use of > the new syntax for IDMAP. But I failed, Also there is a lack on > documentation how to us it. (Yes there is a man, but it contains > limited explanation and examples). > > What do I want? What (I think a lot of people wants) > I have two samba domain members and a Windows 2003 DC without R2 / > SFU shema extension. So I want make use of the RID facility. > Same GID/ UID mappings on all samba servers in the domain, with > support of BUILTIN groups, and without installing schema extensions > on the DC. I assume that RID was designed for this scenario > Can anyone assist me and everyone on list struggling with the same > problems, how to proper configure SAMBA for this scenario? > > Old syntax works, but lack support for BUILT-IN groups, and gives > following complaints in syslog > Module '/usr/lib/samba/idmap/rid.so' initialization failed: > NT_STATUS_OBJECT_NAME_COLLISION > and: > lib/util_str.c:safe_strcpy_fn(659) > Dec 19 13:12:47 s-0009 winbindd[5454]: ERROR: string overflow by 1 > (256 - 255) in safe_strcpy [ERROR: string overflow by 1 (256 - 255) > in safe_strcpy [Added timed event "async_request_timeout": 8843878 >
I have just fixed one of our Samba servers this morning after an the upgrade from CentOS 5 -> 5.1 broke winbind resolution. The below winbind config worked for me. [global] workgroup = COMM server string = Samba Server log file = /var/log/samba/%m.log max log size = 50 dns proxy = No cups options = raw password server = amachine.us.domain.co.uk realm = US.DOMAIN.CO.UK security = ads # OLD IDMAP settings # idmap uid = 16777216-33554431 # idmap gid = 16777216-33554431 # idmap backend = rid:"US=16777216-33554431" # NEW IDMAP settings idmap domains = US idmap config US: default = yes idmap config US: backend = rid idmap config US: range = 16777216-33554431 idmap alloc config: range = 16777216-33554431 template shell = /sbin/nologin winbind use default domain = yes allow trusted domains = no host msdfs = no winbind enum users = no winbind enum groups = no wins server = 192.168.1.10 Hope this helps Dean -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba