On Thu, Apr 27, 2006 at 11:21:45AM -0500, Jonathan C. Detert wrote: > with samba 3.0.22, I'm trying to integrate a linux box with Microsoft AD > by using winbind for authentication as well as for the source of nss info. > > When winbind is configured to use its own local id maps, everything > works fine. > > But when i configure winbind to use 'ad' as the source of nss info, > authentication fails, 'getent' commands return no results, and > 'wbinfo -r someusername' returns nothing (though wbinfo -u and -g work > correctly). > > I am guessing that either there is something wrong or lacking in my config, > or that some kind of caching is messing me up. > > Here is my pertinent smb.conf stuff when winbind is configed to use > local id maps: > -------------- > winbind enum groups = yes > winbind enum users = yes > winbind separator = + > winbind nested groups = yes > winbind use default domain = yes > > idmap gid = 10000-55000 > idmap uid = 10000-55000 > > template homedir = /home/%D/%U > template shell = /bin/bash > > And here is how smb.conf looks when winbind is configed to use AD for > nss: > -------------- > winbind enum groups = yes > winbind enum users = yes > winbind separator = + > winbind nested groups = yes > winbind nss info = sfu > winbind use default domain = yes > > idmap backend = ad
You still need to have the idmap ranges set so that winbind does not fall into the "netlogon proxy only" mode. Does it work then? Guenther -- Günther Deschner GPG-ID: 8EE11688 Novell / SUSE LINUX [EMAIL PROTECTED] Samba Team [EMAIL PROTECTED]
pgpMpcL0XVB6e.pgp
Description: PGP signature
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba