Charles Marcus wrote: > Plant, Dean, on 12/19/2007 8:58 AM, said the following: >> John wrote: >>> Hello List, >>> >>> After upgrading to 3.0.25b (Also tried 3.0.28) I tried to make use >>> of the new syntax for IDMAP. But I failed, Also there is a lack on >>> documentation how to us it. (Yes there is a man, but it contains >>> limited explanation and examples). >>> >>> What do I want? What (I think a lot of people wants) >>> I have two samba domain members and a Windows 2003 DC without R2 / >>> SFU shema extension. So I want make use of the RID facility. >>> Same GID/ UID mappings on all samba servers in the domain, with >>> support of BUILTIN groups, and without installing schema extensions >>> on the DC. I assume that RID was designed for this scenario >>> Can anyone assist me and everyone on list struggling with the same >>> problems, how to proper configure SAMBA for this scenario? >>> >>> Old syntax works, but lack support for BUILT-IN groups, and gives >>> following complaints in syslog >>> Module '/usr/lib/samba/idmap/rid.so' initialization failed: >>> NT_STATUS_OBJECT_NAME_COLLISION >>> and: >>> lib/util_str.c:safe_strcpy_fn(659) >>> Dec 19 13:12:47 s-0009 winbindd[5454]: ERROR: string overflow by 1 >>> (256 - 255) in safe_strcpy [ERROR: string overflow by 1 (256 - 255) >>> in safe_strcpy [Added timed event "async_request_timeout": 8843878 >>> >> >> I have just fixed one of our Samba servers this morning after an the >> upgrade from CentOS 5 -> 5.1 broke winbind resolution. >> >> The below winbind config worked for me. > > I'm curious - what exactly CHANGED (or, what did you have to change)? > We had been running with these idmap settings for an AD integrated file server. idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 idmap backend = rid:"US=16777216-33554431"
After the upgrade to CentOS 5.1 our winbind mappings were lost and group permissions were no longer working. Reading the Samba release notes and trawling the net I found the below settings, although as it has been pointed out the "idmap alloc config" is not required. With these settings all winbind mappings were restored and everything seems to be working as normal. idmap domains = US idmap config US: default = yes idmap config US: backend = rid idmap config US: range = 16777216-33554431 idmap alloc config: range = 16777216-33554431 Dean -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba