Hi Rowland,

Yes, I've added their unix attributes.

It looks like there is a long-open bug in winbind/samba 3.6.x that may be causing the error below (https://bugzilla.samba.org/show_bug.cgi?id=8676). I'm now stuck behind that so I'm trying to downgrade to 3.5.x.

regards,
-Nick

On Jul 11, 2012, at 7:05 AM, Rowland Penny wrote:

> On 11/07/12 01:57, Nick Triantos wrote:
>> Thanks Robert.
>>
>> I've tried switching over to the AD back-end (which does sound like what I
>> want), but I still receive only the errors:
>> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
>>
>> I restarted both winbind and smbd after changing the config. Is there some
>> cache I have to flush, or some other config that needs to be changed beyond
>> the settings in smb.conf?
>>
>> thanks again!
>> -Nick
>>
>> My updated smb.conf:
>>
>> workgroup = CORP
>> security = ADS
>> #password server = 192.168.77.251
>> realm = CORP.MYCOMPANY.COM
>> allow trusted domains = yes
>> winbind use default domain = yes
>> winbind nested groups = YES
>> idmap config CORP : backend = ad
>> idmap config CORP : default = yes
>> idmap config CORP : schema_mode = rfc2307
>> idmap config CORP : range = 800 - 99999
>>
>>
>> On Jul 10, 2012, at 7:27 AM, Robert Freeman-Day wrote:
>>
>>> Nick,
>>>
>>> I think what you may be looking for is the ad backend:
>>>
>>> https://www.samba.org/samba/docs/man/manpages-3/idmap_ad.8.html
>>>
>>> Since you are using tdb in your config, it is using a local database
>>> and allocates UID/GIDs on the fly...first come, first served. So a
>>> user may not get the same UID from one machine to the next.
>>>
>>> Robert
>>>
>>> On 07/10/2012 12:20 AM, Nick Triantos wrote:
>>>> Hi,
>>>>
>>>> I'm trying to get an Ubuntu 12.04 system's Samba (3.6.3) and
>>>> Winbind to map userids and groups to the unix attributes in an AD
>>>> 2008 server. I can see that when I perform an ldapsearch, I'm able
>>>> to read the attributes, and for one of my accounts, the id should
>>>> be 1001. However, when I run 'wbinfo -i<username>', I get back
>>>> something like 920.
>>>>
>>>> At one point, I was setting the idmap range to start at 900, but
>>>> I've since removed that from my config, and restarted winbindd and
>>>> smbd. I've also tried to 'net cache flush'.
>>>>
>>>> I also see wbinfo -i<someuser> usually returns:
>>>> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
>>>> Could not get info for user <someuser>
>>>>
>>>> The relevant parts of my smb.conf are below. I've tried patching
>>>> this together from various tuts and help pages. Any guidance would
>>>> be very helpful.
>>>>
>>>> thanks! -Nick
>>>>
>>>> [global]
>>>> workgroup = CORP
>>>> security = ADS
>>>> password server = 192.168.77.251
>>>> realm = CORP.MYCOMPANY.COM
>>>> allow trusted domains = yes
>>>> winbind use default domain = yes
>>>> winbind nested groups = YES
>>>> idmap config CORP : backend = tdb
>>>> idmap config CORP : default = yes
>>>> idmap config CORP : schema_mode = rfc2307
>>>> idmap config CORP : range = 1000 - 9999
>>>> idmap config * : backend = tdb
>>>> encrypt passwords = true
>>>> obey pam restrictions = yes
>>>> client use spnego = yes
>>>> client ntlmv2 auth = yes
>>>> encrypt passwords = true
>>>> restrict anonymous = 2
>>>> unix password sync = yes
>>>> winbind enum groups = yes
>>>> winbind enum users = yes
>>>> winbind nss info = rfc2307
>>>>
>>>
>>> --
>>> Robert Freeman-Day
>>>
>>> https://launchpad.net/~presgas
>>> GPG Public Key:
>>> http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36
>
> Hi, just a thought, have you added the RFC2307 uid/gid values to your users
> on the AD server? if you haven't, there will be nothing to find and it may
> throw the error that you are getting.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
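
Added example, not part of the thread and not Samba code: a small offline check of the two smb.conf variants quoted above, showing how each idmap backend treats the uidNumber 1001 stored in AD. It assumes the behaviour described in the linked idmap_ad man page (the range acts as a filter, so ids outside it are ignored); the names parse_idmap and check_uid are hypothetical, and the sample configs are constructed from the quoted lines.

```python
import re

# Constructed samples: the idmap lines of the two smb.conf versions quoted in the thread.
ORIGINAL_CONF = """\
[global]
idmap config CORP : backend = tdb
idmap config CORP : range = 1000 - 9999
idmap config * : backend = tdb
"""
UPDATED_CONF = """\
[global]
idmap config CORP : backend = ad
idmap config CORP : schema_mode = rfc2307
idmap config CORP : range = 800 - 99999
"""

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*([\w ]+?)\s*=\s*(.*?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {DOMAIN: {option: value}} for every uncommented 'idmap config' line."""
    domains = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue  # skip commented-out settings such as '#password server'
        m = IDMAP_RE.match(line)
        if m:
            domain, option, value = m.groups()
            domains.setdefault(domain.upper(), {})[option.strip().lower()] = value
    return domains

def check_uid(conf_text, domain, uid_number):
    """Report how the configured backend treats a uidNumber stored in AD."""
    opts = parse_idmap(conf_text).get(domain.upper())
    if opts is None:
        return "no idmap config for this domain"
    backend = opts.get("backend", "").lower()
    if backend != "ad":
        # e.g. tdb allocates ids from a local database, first come, first served
        return "backend '%s' does not read uidNumber from AD" % backend
    m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", opts.get("range", ""))
    if not m:
        return "ad backend has no valid 'low - high' range"
    low, high = int(m.group(1)), int(m.group(2))
    if not low <= uid_number <= high:
        return "uidNumber %d is outside %d-%d and is ignored" % (uid_number, low, high)
    return "ok"

if __name__ == "__main__":
    for name, conf in (("original", ORIGINAL_CONF), ("updated", UPDATED_CONF)):
        print(name, "->", check_uid(conf, "CORP", 1001))
```

A result of "ok" only means the configuration would accept the id; it does not rule out the winbind bug referenced at the top of the thread.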
