Hello,

Please forgive me if this has already been discussed; I did not find any
references when I searched.

I'm trying to replace a W2K server with a samba member server in a
single ADS domain.

It seems that the Fedora rpms do not support idmap_rid so I am trying to
compile from the Fedora SRPM.  After following the docs for building and
configuring idmap_rid I get no ADS users from `getent passwd`. wbinfo -u
returns the user list without the DOMAIN\ prefix.

When I try to connect to the samba share I am confronted with an auth
box that I have not been able to satisfy.

/var/log/samba/winbindd includes:
 idmap_init: using 'idmap_rid' as remote backend

Can anyone help?

Thanks,
Brian Hoover

/*/*/*/*/*  smb.conf /*/*/*/*/*/*
[global]
        unix charset = LOCALE
        workgroup = VIDAR
        realm = VIDAR.CORP
        server string = BIS05
        # Samba runs as a member of the Active Directory realm named above.
        security = ADS
        # NOTE(review): idmap_rid documentation of this era asks for trusted
        # domains to be switched off; confirm for the version that was built.
        allow trusted domains = No
        # Level 10 is very verbose debug output. Useful while troubleshooting;
        # lower it afterwards, since debug logs may record details of
        # authentication exchanges.
        log level = 10
        syslog = 0
        # One log file per connecting machine name (%m).
        log file = /var/log/samba/%m
        # Size is in kilobytes, so level-10 logs rotate quickly and earlier
        # entries from a failed logon may already be gone.
        max log size = 50
        # Turns off SSL/TLS for Samba's LDAP connections.
        # NOTE(review): confirm whether this setting applies to the ADS path
        # in the version built; where it does, directory traffic is not
        # protected by TLS.
        ldap ssl = no
        # RID-based mapping for domain VIDAR; the same 10000-20000 range is
        # repeated in idmap uid / idmap gid below.
        # NOTE(review): presumably RIDs that fall outside this range get no
        # mapping; verify against the idmap_rid documentation.
        idmap backend = idmap_rid:VIDAR=10000-20000
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template shell = /bin/bash
        # With enumeration off, a bare `getent passwd` / `getent group` lists
        # no domain accounts; a lookup by name (`getent passwd <user>`) is the
        # check that still applies.
        winbind enum users = No
        winbind enum groups = No
        # Domain users are named without the DOMAIN\ prefix, which matches the
        # bare names printed by `wbinfo -u`.
        winbind use default domain = Yes
        winbind nested groups = Yes

[users]
        comment = User Folders
        path = /smb/users
        # Every name listed here performs all file operations on this share
        # as root, regardless of file ownership or permissions.
        # NOTE(review): group names in smb.conf user lists take an '@' or '+'
        # prefix; as written, 'Domain Admins' reads as a user name. Confirm
        # what was intended and keep this list as short as possible.
        admin users = root, 'Domain Admins'
        read only = No
        # Allows a connection to this share without a password, with the
        # rights of the guest account. On a writable share of user folders
        # this should be off unless guest access is really intended.
        # NOTE(review): `map to guest` is not set in [global], so whether a
        # failed logon falls back to guest depends on its default.
        guest ok = Yes

/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*

/*/*/*/*/*  config.log SNIPPED /*/*/*/*/*/*

$ ./configure --with-shared-modules=idmap_rid --with-ads --with-pam
--with_pamsmbpass 

#define HAVE_LDAP 1
#define HAVE_KRB5 1

/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*

/*/*/*/*/*  nsswitch.conf /*/*/*/*/*/*

# Name-service lookup order: local files are consulted first, then winbind,
# for the passwd, shadow and group databases.
passwd:     files winbind
# NOTE(review): winbind is not expected to supply shadow entries; confirm
# whether listing it here has any effect.
shadow:     files winbind
group:      files winbind

# Host names: local files, then DNS, then the wins NSS module.
hosts:      files dns wins


bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   files

publickey:  nisplus

automount:  files
aliases:    files nisplus

/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*

/*/*/*/*/*  PAM configuration /*/*/*/*/*/*

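#%PAM-1.0
# PAM stack that tries local accounts (pam_unix) first and then domain
# accounts (pam_winbind) in each of the auth, account, password and session
# phases. Every rule is kept on one logical line: a module option on a line
# of its own is not a valid PAM rule.
auth        required      /lib/security/$ISA/pam_env.so
# nullok lets a local account with an empty password authenticate; remove it
# unless blank passwords are intended.
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
# use_first_pass reuses the password already entered for pam_unix instead of
# prompting a second time.
auth        sufficient    /lib/security/$ISA/pam_winbind.so use_first_pass
# Anything that neither module accepted is refused.
auth        required      /lib/security/$ISA/pam_deny.so

# NOTE(review): pam_unix is `required` and runs before pam_winbind here;
# confirm that a domain-only account (no local shadow entry) passes this
# phase, otherwise domain logons fail after a successful password check.
account     required      /lib/security/$ISA/pam_unix.so
account     sufficient    /lib/security/$ISA/pam_winbind.so use_first_pass

password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
# Note: The above line is complete. There is nothing following the '='
# md5 selects MD5-crypt hashes for local passwords, which is weak by current
# standards; prefer the strongest scheme the installed pam_unix supports.
password    sufficient    /lib/security/$ISA/pam_unix.so \
                                             nullok use_authtok md5 shadow
password    sufficient    /lib/security/$ISA/pam_winbind.so use_first_pass
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     sufficient    /lib/security/$ISA/pam_unix.so
session     sufficient    /lib/security/$ISA/pam_winbind.so use_first_pass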

/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*

