Michael Wood wrote:
I didn't get the benefit of '*' added to my wbinfo...
I don't understand what you mean by this.
Just saw this note by Bendikt Schindler:
Of course, as noted earlier, my wbinfo also doesn't seem to know about
builtin SID's either .. so am having to add them...
-------- Original Message --------
Subject: samba 3.6: "autorid" has no domain order
Date: Fri, 12 Aug 2011 18:23:14 +0200
From: Benedikt Schindler <[email protected]>
To: [email protected]
[snip & noting multiple future snips @ random! ]
I first tried autorid with a config like this:
winbind enum users = yes
winbind enum groups = yes
idmap backend = autorid
idmap gid = 100000-1499999
idmap gid = 100000-1499999
allow trusted domains = yes
... then later
I also read the mail about the new idmapping so i also tried these
configuration:
winbind enum users = yes
winbind enum groups = yes
allow trusted domains = yes
idmap config A : backend = rid
idmap config A : range = 100000 - 199999
idmap config A : base_rid = 1000
idmap config B : backend = rid
idmap config B : range = 200000 - 299999
idmap config B : base_rid = 1000
-----
Then next note he says:
if i use this config:
> winbind enum users = yes
> winbind enum groups = yes
> allow trusted domains = yes
>
> idmap config * : backend = tdb
> idmap config * : range = 70000-99999
>
> idmap config A : backend = rid
> idmap config A : range = 100000 - 199999
> idmap config A : base_rid = 1000
>
> idmap config B : backend = rid
> idmap config B : range = 200000 - 299999
> idmap config B : base_rid = 1000
i get folowing message from a SID of domain A: server3:~ # wbinfo -S
S-1-5-21-1004336348-920026266-682003330-1113 failed to call wbcSidToUid:
WBC_ERR_DOMAIN_NOT_FOUND Could not convert sid
S-1-5-21-1004336348-920026266-682003330-1113 to uid i change this line
> allow trusted domains = no
server3:~ # wbinfo -S S-1-5-21-1004336348-920026266-682003330-1113
failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND Could not convert
sid S-1-5-21-1004336348-920026266-682003330-1113 to uid it does not
work. i change this line
> idmap config * : backend = rid
server3:~ # wbinfo -S S-1-5-21-1004336348-920026266-682003330-1113 100113
so it "works" ... but "getent passwd" still does not show any user.
so there is still a long way to go.
if i delete all the "idmap config * " parts it won't work again.
----------------------------------^^^^
But also if it does work.... i need trusted domain support. the only
config that realy works right now, is the new "autorid".
Alot of the error he is describing I saw as well, but I didn't see the email
about the new idmapping that told about '*'...(or that it was needed.
My server thought there was 2 domains due to the case-change problem --
that's
why it kept looking for *, which I am guessing is supposed to be some
type of domain locator addres.
My DB, since I'd only ever had 1 never had entries setup for 2, but when
the name
got changed by NMB -- suddenly there 2 servers -- and calls coming in
for Domain,
were getting refused on "DOMAIN"....
That's my best explanation yet, as to what happened...
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
