yo. i have a vmware VI3 machine (which is effectively FC3 for our intents and purposes) i'm trying to get to authenticate with our active directory domain. it's -mostly- working- i can log in as my domain user successfully, getent passwd and group work, wbinfo -u and -g work, however wbinfo -t fails and if i type 'groups <domainuser>', i get this: id: cannot find name for group ID 10005 id: cannot find name for group ID 10006 id: cannot find name for group ID 10008 id: cannot find name for group ID 10009 id: cannot find name for group ID 10016
/var/log/samba.winbindd has a bunch of errors like this: [2007/12/04 14:22:05, 1] nsswitch/winbindd_cm.c:cm_open_connection(333) failed tcon_X with NT_STATUS_ACCESS_DENIED [2007/12/04 14:22:05, 1] nsswitch/winbindd_cm.c:cm_open_connection(333) failed tcon_X with NT_STATUS_ACCESS_DENIED [2007/12/04 14:22:05, 1] nsswitch/winbindd_cm.c:cm_open_connection(333) failed tcon_X with NT_STATUS_ACCESS_DENIED [2007/12/04 14:22:05, 1] nsswitch/winbindd_group.c:winbindd_getgrgid(381) could not lookup sid here's my smb.conf: [global] workgroup = OURWORKGROUP netbios name = hostname server string = Linux workstation 1 security = ADS log file = /var/log/samba/samba.%m max log size = 50 local master = no preferred master = no idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes template homedir = /home/%U template shell = /bin/bash encrypt passwords = yes dns proxy = no realm = REALM.COMPANY.COM password server = servername.company.com wins proxy = no allow trusted domains = no i vaguely suspect that i need something like this: idmap backend = idmap_rid:REALM.COMPANY.COM=10000-20000 ...but if i put that in, winbind completely stops working and i can't do anything. thoughts? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
