Hi!

On Wed, Nov 18, 2009 at 05:04:25PM +0100, Stephan Seitz wrote:
> I have a little newer version of samba but the same symptoms. I’m using winbind to map the ADS groups to Unix groups (LDAP access to the ADS).
>
> The smb process for the share is running as the user who is logged in. But contrary to a shell access (here „id” shows all groups the user is a member of), the smb process doesn’t seem to know which other groups beside the primary group the user belongs to.

Well, I was able to solve my problem, but since I changed more than one setting I don’t know exactly what solved the problem.

I noticed that „wbinfo -S <SID>” was unable to map the SID to a UID. „wbinfo -U <UID>” did work.

log.winbind-idmap contained lines like „ad_idmap_cached_connection: Failed to obtain schema details!”.

Using Aunty Google I found the following possible solutions:

- Some winbind versions did not like the mdns entries in the host line in /etc/nsswitch.conf, but for me removing them did not work, so I reverted my change.

- Others had to define the idmap schema with „idmap config <MYDOMAIN>:schema_mode = sfu” in /etc/samba/smb.conf. Another value for sfu is rfc2307. While nothing changed for me, I did not remove the line again.

- The last idea was to remove the old tdb files. I deleted idmap_cache.tdb and winbindd_cache.tdb. After a winbind restart the files were created again and „wbinfo -S <SID>” suddenly worked again.
  And with a working wbinfo my samba group problem was solved.

Maybe this will help you too.

Shade and sweet water!

        Stephan

--
| Stephan Seitz             E-Mail: [email protected] |
| PGP Public Keys: http://fsing.rootsland.net/~stse/pgp.html |
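
The checks described in the message above, collected as an added example that is not part of the original mail: it looks for the quoted log error, lists mdns sources in nsswitch.conf, reads the configured schema_mode, and moves the two cache tdb files aside instead of deleting them. The function names, the EXAMPLE domain and all sample file contents are constructed; real file locations depend on the distribution.

```shell
#!/bin/sh
# Added example, not from the original mail. Paths are arguments because
# log, config and tdb locations differ between distributions.

# True if the idmap log holds the error quoted in the message.
has_schema_error() {
    grep -q 'ad_idmap_cached_connection: Failed to obtain schema details' "$1"
}

# Print every mdns* source on the "hosts:" line of an nsswitch.conf.
mdns_sources() {
    awk '$1 == "hosts:" { for (i = 2; i <= NF; i++) if ($i ~ /^mdns/) print $i }' "$1"
}

# Print the schema_mode set for a domain. $1 = smb.conf, $2 = domain name
# (assumed to contain no regex metacharacters).
schema_mode() {
    sed -n "s/^[[:space:]]*idmap config $2[[:space:]]*:[[:space:]]*schema_mode[[:space:]]*=[[:space:]]*//p" "$1"
}

# Move the two cache files named in the message into a timestamped backup
# directory under $1 and print that directory. Assumption: winbind is
# stopped before this runs and restarted afterwards.
stash_tdb_caches() {
    backup="$1/tdb-backup.$(date +%Y%m%d%H%M%S)"
    mkdir -p "$backup" || return 1
    for f in idmap_cache.tdb winbindd_cache.tdb; do
        if [ -f "$1/$f" ]; then mv "$1/$f" "$backup/" || return 1; fi
    done
    echo "$backup"
}

# Demo on constructed sample files in a scratch directory.
demo=$(mktemp -d)
echo 'ad_idmap_cached_connection: Failed to obtain schema details!' > "$demo/log.winbind-idmap"
echo 'hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4' > "$demo/nsswitch.conf"
echo 'idmap config EXAMPLE:schema_mode = sfu' > "$demo/smb.conf"
: > "$demo/idmap_cache.tdb"; : > "$demo/winbindd_cache.tdb"
has_schema_error "$demo/log.winbind-idmap" && echo "schema error logged"
echo "mdns sources: $(mdns_sources "$demo/nsswitch.conf" | tr '\n' ' ')"
echo "schema_mode: $(schema_mode "$demo/smb.conf" EXAMPLE)"
echo "caches moved to: $(stash_tdb_caches "$demo")"
rm -rf "$demo"
```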
