one problem ... * Jonathan C. Detert <[EMAIL PROTECTED]> [060427 12:11]: > * Guenther Deschner <[EMAIL PROTECTED]> [060427 11:56]: > > On Thu, Apr 27, 2006 at 11:21:45AM -0500, Jonathan C. Detert wrote: > > > with samba 3.0.22, I'm trying to integrate a linux box with Microsoft AD > > > by using winbind for authentication as well as for the source of nss info. > > > > > > When winbind is configured to use its own local id maps, everything > > > works fine. > > > > > > But when i configure winbind to use 'ad' as the source of nss info, > > > authentication fails, 'getent' commands return no results, and > > > 'wbinfo -r someusername' returns nothing (though wbinfo -u and -g work > > > correctly). > > -- snip -- > > > > And here is how smb.conf looks when winbind is configed to use AD for > > > nss: > > > -------------- > > > winbind enum groups = yes > > > winbind enum users = yes > > > winbind separator = + > > > winbind nested groups = yes > > > winbind nss info = sfu > > > winbind use default domain = yes > > > > > > idmap backend = ad > > > > You still need to have the idmap ranges set so that winbind does not fall > > into the "netlogon proxy only" mode. Does it work then? > > Yes, thanks! I don't understand that at all. What is 'netlogon proxy only'
I spoke too soon: _most_ things work now. The things which didn't work before, are now working. However, one thing is not working: the inability to map a uid or gid into a name. For example: - 'id -G detertj' works, but 'id -Gn detertj' does not. - when i login on the console of the samba box, my shell prompt, which would usually say '[EMAIL PROTECTED]', says instead 'I have no [EMAIL PROTECTED]'. I can turn a name into a sid, and a sid into a uid, but not a name into a uid. -- Happy Landings, Jon Detert IT Systems Administrator, Milwaukee School of Engineering 1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba