Hi, I am hoping someone can point out what I am doing wrong. I am upgrading Samba from 3.0.37 to 3.5.6 and running into trouble with idmapping using ADS security. I have multiple Linux boxes running 3.0.37, and when I execute getent passwd I get:

# getent passwd DOMAIN+gregorcy
gregorcy:*:2933:1013:Brian Gregorcy:/home/DOMAIN/gregorcy:/bin/bash

on all the boxes running 3.0.37. On my new box running 3.5.6 I get:

# getent passwd DOMAIN+gregorcy
gregorcy:*:502:506::/home/DOMAIN/gregorcy:/bin/bash

Which is not what I had hoped for. Both machines are joined to my domain and allow me to ssh into them using my AD cred, just the uid & gid are not lining up.

My 3.0.37 smb.conf

> [global]
> workgroup = DOMAIN
> netbios name = harley
> realm = DOMAIN.UTAH.EDU
> server string = harley
> security = ADS
> preferred master = no
> client use spnego = yes
> server signing = auto
> encrypt passwords = yes
> nt acl support = yes
> acl map full control = yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> template shell = /bin/false
> password server = *
> log level = 3
> log file = /var/log/samba/%m
> max log size = 100
> preferred master = No
> dns proxy = No
> wins server = 192.168.1.100 192.168.1.101
> winbind cache time = 0
> winbind nested groups = yes
> allow trusted domains = No
> idmap backend = rid:KPAK=500-100000000
> idmap uid = 500-100000000
> idmap gid = 500-100000000
> template shell = /bin/bash
> winbind use default domain = Yes
> winbind separator = +
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = yes
> obey pam restrictions = yes

My 3.5.6 smb.conf

> [global]
> workgroup = DOMAIN
> netbios name = vwww3
> realm = DOMAIN.UTAH.EDU
> server string = web3
> security = ADS
> preferred master = no
> client use spnego = yes
> server signing = auto
> encrypt passwords = yes
> nt acl support = yes
> acl map full control = yes
> wide links = no
> password server = *
> log level = 3
> log file = /var/log/samba/%m
> max log size = 100
> wins server = 192.168.1.100 192.168.1.101
> winbind offline logon = yes
> idmap domains = default, domain.utah.edu
> idmap config default: default = yes
> idmap config domain.utah.edu: range = 500-100000000
> idmap config domain.utah.edu: backend = ad
> idmap alloc backend = tdb
> idmap uid = 500-100000000
> idmap gid = 500-100000000
> winbind separator = +
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> winbind refresh tickets = yes
> winbind nested groups = yes
> client ntlmv2 auth = yes
> encrypt passwords = yes
> template shell = /bin/bash
> allow trusted domains = yes

Thanks for any help,
Brian Gregorcy
