[Samba] Samba 3.5.5. id-map issues with Active Directory

Tue, 28 Sep 2010 04:41:12 -0700 

 Hi,
I'm running Debian Squeeze on a few machines that are all authenticating to a pair of Windows 2008 servers. After upgrading to samba 3.5.5 from 3.4.8 idmap has stopped resolving which is preventing user authentication on these boxes. The boxes that have been left at 3.4.8 continue to work fine. 


On the 3.5.5 boxes wbinfo and net ads show lists of users and groups 
without issue yet id is not able to map uid's any more.


nsswitch.conf is using:

passwd:     files winbind
group:      files winbind
shadow:     files winbind



I can successfully connect the affected servers to the AD domain 
using net ads join and the keytab also generates fine.



I have included my smb.conf below and will happily provide any 
details that will help.


Many thanks for your time.

Regards

Simon


[global]

# Debuging domain auth issues:
debug level = 10

workgroup = DOMAIN
security = ads
kerberos method = system keytab
winbind use default domain = true
realm = DOMAIN.NET

disable netbios = yes
name resolve order = host lmhosts
hosts allow = 127.0.0.1 192.168.1.0/24 93.97.246.119
hosts deny = 0.0.0.0/0

password server = 192.168.1.2, 192.168.1.3, *

idmap config DOMAIN:default = yes
idmap config DOMAIN:schema_mode = rfc2307
idmap config DOMAIN:backend = ad
idmap config DOMAIN:range = 10000-20000

idmap backend = ad
winbind offline logon = yes
winbind nested groups = yes
winbind separator = +
winbind cache time = 3600
winbind enum users = Yes
winbind enum groups = Yes
winbind nested groups = Yes
winbind nss info = rfc2307

template homedir = /home/%U
template shell = /bin/bash
client ntlmv2 auth = yes
encrypt passwords = true

local master = no
domain master = no
preferred master = no
dns proxy = no

server string = Samba Server Version %v


socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE 
SO_RCVBUF=8192 SO_SNDBUF=8192


# Fix character set issues:

# 
http://www.unixresources.net/linux/lf/59/archive/00/00/13/18/131896.html

dos charset = 850
unix charset = UTF-8


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba






















					Reply via email to