On Mon, Mar 12, 2012 at 10:17:26AM +1000, Nathan Frankish wrote: > I really hate emailing lists, but I've come to a wall that I just cant > work out how to get past at the moment, so am hoping for some community > assistance if possible. > > > > Some background: > > We are running Windows Server 2003 on all of our domain controllers, and > are in the middle of migrating to server 2008 R2. We have unix exentions > enabled (rfc2307 I believe), and manage all of our uids/shell/home via > this. > > > > Our linux servers are a mix of RHEL 5.1, 5.4 and 5.5. > > > > We were using Samba 3.0.33-3.29.el5_5.1 or equivalent on most of our > servers, but we hit a stone wall when trying to get them to co-exist > with a domain controller that was running Server 2008. > > So we upgraded to the redhat package Samba3x which I believe is 3.3.8 on > some of the hosts and 3.5.10 on the others. > > > > However then we hit the snafu that the servers running samba3x wouldn't > talk to the domain controllers running server 2003 still. To combat > that, we null routed the server 2003 servers, and only let the Linux > servers talk to AD servers running 2008. > > This was working fine, except that some servers stopped being able to > run "getent passwd" or "getent group" and would just return nothing from > winbind. > > > > As a test, I converted over to RID as the idmap backend away from ADS, > and this appears to have almost worked perfectly. Except now that a > users UID isn't being returned from the AD unixattributes tab, but > instead has what I assume is the RID ID for the user. Other attributes > seem to be coming down ok
When you change idmap backends, you must always also delete all caches. Delete the winbindd_cache.tdb file and issue a "net cache flush". Hope that helps, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-370000-0, fax: +49-551-370000-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:[email protected] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
