Lukas wrote: > > Lukas wrote: > >>>>> Colleagues, please respond. Have I asked something too unconventional > >>>>> or something too trivial? > >>>> > >>>> idmap backend = nss ?? > >>> > >>> Its man page is very scarce. Is it supposed to work at all? Do you have > >>> any > >>> experience with it? > >>> > >>> root@fs02-sibptus:~# id zimaev uid=3237(zimaev) gid=2000(user) > >>> groups=2000(user),2012(budget),3134(pto),2011(ntd) > >>> root@fs02-sibptus:~# wbinfo -n zimaev > >>> S-1-5-21-839522115-2139871995-725345543-1618 User (1) > >>> root@fs02-sibptus:~# wbinfo -i zimaev > >>> Could not get info for user zimaev > >>> root@fs02-sibptus:~# > >>> > >>> what gives? > >>> > >> > >> what do you have in smb.conf defined for security? > >> (general portion of smb.conf) > > > > [global] > > workgroup = SIBPTUS > > wins server = 10.14.134.1 10.14.134.4 > > security = domain > > idmap backend = nss > > idmap uid = 1000-1999999 > > idmap gid = 1000-1999999 > > template shell = /bin/bash > > winbind use default domain = Yes > > allow trusted domains = Yes > > > > > To me it seems, since you have security = domain, samba will try to > authenticate4 always to the domain controller. > Therefore: wbinfo -i zimaev will not return something valid, unless you > prepend the user with the domain (wbinfo -i DOMAIN\zimaev don't forget > to map the backslash with a second one DOMAIN\\zimaev) :-)
Don't forget, I have "winbind use default domain = Yes" and "wbinfo -n user_without_domain" is successful. Anyway, I have tried both: root@fs02-sibptus:~# wbinfo -n kuskovaa S-1-5-21-839522115-2139871995-725345543-1114 User (1) root@fs02-sibptus:~# wbinfo -i kuskovaa Could not get info for user kuskovaa root@fs02-sibptus:~# wbinfo -i SIBPTUS\\kuskovaa Could not get info for user SIBPTUS\kuskovaa root@fs02-sibptus:~# wbinfo --own-domain SIBPTUS root@fs02-sibptus:~# > More about how that works with the security: > http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#SECURITY > > The idmap backend = nss just tells samba, where to store the mapping > informations from AD- versus *nix-Users. Yes, I want to store the mapping in getpwnam() and the primary group in getgrnam(). -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:[email protected] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
