That helped, many thanks David. However, winbind behaves strangely.
I ask it to print the SID-UID mapping for a SID I know is in LDAP:

wbinfo --sid-to-uid S-1-5-21-796845957-1547161642-839522115-187984

It fails and winbindd says:

ldap_connect_system: successful connection to the LDAP server
ldap_set_mapping_internals: Failed to add S-1-5-21-796845957-1547161642-839522115-187984 to 20011 mapping [uidNumber]
ldap_set_mapping_internals: Error was: (NULL) (Already exists)
Could not store the new mapping: NT_STATUS_UNSUCCESSFUL

In the LDAP server logs I see a successful search and then an attempt to ADD (?!) a mapping for the given SID with the next free UID from the defined UID range:

conn=564 op=-1 msgId=-1 - fd=26 slot=26 LDAP connection from 10.238.186.50 to 10.238.186.52
conn=564 op=0 msgId=1 - BIND dn="uid=idmapadm,ou=idmap,dc=swissptt,dc=ch" method=128 version=3
conn=564 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=idmapadm,ou=idmap,dc=swissptt,dc=ch"
conn=564 op=1 msgId=2 - SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl"
conn=564 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
conn=564 op=2 msgId=3 - SRCH base="ou=idmap,dc=swissptt,dc=ch" scope=2 filter="(&(objectClass=sambaIdmapEntry)(sambaSID=S-1-5-21-796845957-1547161642-839522115-187984))" attrs="sambaSID uidNumber gidNumber objectClass"
conn=564 op=2 msgId=3 - RESULT err=0 tag=101 nentries=1 etime=0
conn=564 op=3 msgId=4 - ADD dn="sambaSID=S-1-5-21-796845957-1547161642-839522115-187984,ou=idmap,dc=swissptt,dc=ch"
conn=564 op=3 msgId=4 - RESULT err=68 tag=105 nentries=0 etime=0 csn=4a851d61000100020000
conn=564 op=4 msgId=5 - UNBIND
conn=564 op=4 msgId=-1 - closing - U1
conn=564 op=-1 msgId=-1 - closed.

My LDAP was pre-fed with all known SID-UID mappings; the dynamic allocation is there for "just in case".

Is it a bug or a feature? Or again a config parameter I missed?

Thanks for your time.

Regards,
Chris

On Thu, 13 Aug 2009 23:45:16 +0100
David Markey <[email protected]> wrote:

>
> ldap ssl = off
>
>
> On Thu, 13 Aug 2009 23:26:37 +0200, Chris Osicki
> <[email protected]> wrote:
> > Hi
> >
> > I've just upgraded Samba on Solaris 10 from the bundled version (3.0.33)
> > to 3.4.0 and winbind doesn't want to cooperate with LDAP as idmap backend
> > anymore.
> >
> > The smb.conf I use is:
> >
> > [global]
> > workgroup = CORPROOT
> > netbios name = usonfs
> > security = domain
> > log level = 10
> > preferred master = no
> > bind interfaces only = yes
> > interfaces = usonfs
> >
> > password server = sg000057.corproot.net sg1006z.corproot.net
> > winbind uid = 20000-21000
> > winbind gid = 20000-21000
> > winbind enum users = no
> > winbind enum groups = no
> >
> > # Using ldap server as winbindd backend
> > idmap backend = ldap:ldap://usoldap01.swissptt.ch
> > ldap:ldap://usoldap02.swissptt.ch
> > ldap admin dn = uid=idmapadm,ou=idmap,dc=swissptt,dc=ch
> > ldap idmap suffix = ou=idmap
> > ldap suffix = dc=swissptt,dc=ch
> >
> > I compiled Samba myself: configure; make; make install.
> >
> > It must be something obvious I'm overlooking; I hope somebody could
> > point it out.
> >
> > Running winbindd as:
> >
> > /usr/local/samba/sbin/winbindd -d 3 -i -n
> >
> > I see those messages:
> >
> > [ 8286]: sid to uid S-1-5-21-796845957-1547161642-839522115-187984
> > idmap_init: using 'ldap' as remote backend
> > Failed to issue the StartTLS instruction: Connect error
> > Connection to LDAP server failed for the 1 try!
> > Failed to issue the StartTLS instruction: Connect error
> > Connection to LDAP server failed for the 3 try!
> > Failed to issue the StartTLS instruction: Connect error
> > Connection to LDAP server failed for the 5 try!
> > Failed to issue the StartTLS instruction: Connect error
> > Connection to LDAP server failed for the 7 try!
> >
> >
> > Thanks for your time.
> >
> > Regards,
> > Chris
>
