Folks,

Having some fun with winbind on Samba 3.5.5 on RHEL5 and/or CentOS5. I’ve got it working so ssh logins work correctly and file permissions are seemingly correct with created files etc. Backend authentication is from a Win2K3R2 box running RFC2372 extensions (ie not SFU) and all UIDs etc are assigned for the users who need them.

However, wbinfo returns some interesting things. We’re in a reasonably sized AD forest and there seems to be some ID mashing going on. If I do wbinfo -u it will sniff out the entire forest and return anything it’s allowed to as well as the local domain; obviously this can be filtered by using --domain=DOMAIN, which sometimes works well, groups also.

Things that don’t work:

wbinfo -i returns ‘could not get info for user’
wbinfo -r returns ‘could not get groups for user’
wbinfo -Y returns ‘could not convert sid’
wbinfo --user-sidinfo returns ‘couldn’t get info for user’
wbinfo --user-sids also returns failure.

Things that do:

wbinfo -S my-username-SID correctly returns my UID of 666
wbinfo -s my-username-SID correctly returns DOMAIN+Username
getent group
getent passwd

Wish I could remember what I changed, but at some point wbinfo -u username DID work but returned a UID of 147, no idea where it got that from as I even deleted the idmap cache files etc. Also, if I browse to a share and create a file it ends up with the UID/GID of a user in a completely different domain!

Current smb.conf:

[global]
    workgroup = CAM
    realm = CAM.CW.LOCAL
    server string = test-samba server (CentOS 5)
    interfaces = 127.0.0.1, eth0
    bind interfaces only = Yes
    security = ADS
    map to guest = Bad User
    password server = 172.31.134.30
    log level = 100
    log file = /var/log/samba/%m.log
    printcap name = cups
    wins server = 172.31.134.30
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    template shell = /bin/bash
    winbind separator = +
    winbind cache time = 5
    winbind use default domain = Yes
    winbind trusted domains only = Yes
    idmap config CAM: range = 100-9999
    idmap config CAM: backend = ad
    idmap config CAM: schema_mode = rfc2307
    idmap config CAM: default = yes

[homes]
    comment = Home Directories
    read only = No
    create mask = 0664
    directory mask = 0775
    browseable = No

[docs]
    path = /usr/share/doc/samba3/htmldocs
    guest ok = Yes

Anyone? Kerberos seems to be acting ok too, otherwise SSH logins wouldn't work?

--
adrian/witchy
Owner of Binary Dinosaurs, the UK's biggest home computer collection?
www.binarydinosaurs.co.uk
