* Jonathan C. Detert <[EMAIL PROTECTED]> [060427 12:40]: > one problem ... > > * Jonathan C. Detert <[EMAIL PROTECTED]> [060427 12:11]: > > * Guenther Deschner <[EMAIL PROTECTED]> [060427 11:56]: > > > On Thu, Apr 27, 2006 at 11:21:45AM -0500, Jonathan C. Detert wrote: > > > > with samba 3.0.22, I'm trying to integrate a linux box with Microsoft AD > > > > by using winbind for authentication as well as for the source of nss > > > > info. > > > > > > > > When winbind is configured to use its own local id maps, everything > > > > works fine. > > > > > > > > But when i configure winbind to use 'ad' as the source of nss info, > > > > authentication fails, 'getent' commands return no results, and > > > > 'wbinfo -r someusername' returns nothing (though wbinfo -u and -g work > > > > correctly). > > > > -- snip -- > > > > > > And here is how smb.conf looks when winbind is configed to use AD for > > > > nss: > > > > -------------- > > > > winbind enum groups = yes > > > > winbind enum users = yes > > > > winbind separator = + > > > > winbind nested groups = yes > > > > winbind nss info = sfu > > > > winbind use default domain = yes > > > > > > > > idmap backend = ad > > > > > > You still need to have the idmap ranges set so that winbind does not fall > > > into the "netlogon proxy only" mode. Does it work then? > > > > Yes, thanks! I don't understand that at all. What is 'netlogon proxy only' > > I spoke too soon: _most_ things work now. The things which didn't work > before, are now working. However, one thing is not working: > > the inability to map a uid or gid into a name. > > For example: > - 'id -G detertj' works, but 'id -Gn detertj' does not. > - when i login on the console of the samba box, my shell prompt, > which would usually say '[EMAIL PROTECTED]', says instead > 'I have no [EMAIL PROTECTED]'.
This problem mysteriously fixed itself. I had to stop working on this problem for a while. By the time I came back to it, about 2 hours later, the problem was gone. Everything works as desired now. My guess is that there was some sort of timing issue that kept winbind from knowing how to mad names to uids, and that I just hadn't waited long enough at first. -- Happy Landings, Jon Detert IT Systems Administrator, Milwaukee School of Engineering 1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
