Ok, That didn't work either. I did however change the config to idmap DOMAIN:default=yes and got it to work for the briefest of moments. So, it appears that the underlying fault is that the DC cannot be found for the user.
If server signing requirements were turned off for the domain that the server had joined to, does the same setting need to be changed on DCs on the domains to which the user will be authenticating? Naadir -----Original Message----- From: Justin Payne [mailto:[EMAIL PROTECTED] Sent: 03 April 2008 21:15 To: Naadir Jeewa Cc: [email protected] Subject: Re: [Samba] Winbind ignores idmap configuration (3.0.28a) Naadir Jeewa wrote: > No joy. Still seems to look in AD for a uid instead of calculating using > rid. > > Naadir > Does adding the following help idmap backend = rid > -----Original Message----- > From: Justin Payne [mailto:[EMAIL PROTECTED] > Sent: 03 April 2008 20:31 > To: Naadir Jeewa > Cc: [email protected] > Subject: Re: [Samba] Winbind ignores idmap configuration (3.0.28a) > > Naadir Jeewa wrote: > >> Hullo, >> >> After having my Samba server joined to a domain, I'm now having >> difficulties configuring winbind. I want to use the idmap_rid backend, >> and have recompiled Samba from scratch with the requisite rid.so >> > module. > >> However, no matter how "idmap domains / idmap config" is set up, it >> seems to get totally ignored. Here is my smb.conf: >> >> [global] >> >> workgroup = DEPARTMENTDOMAIN >> >> server string = NAS Samba Server Version %v >> >> log file = /var/log/samba/log.%m >> max log size = 50 >> >> security = ads >> realm = DEPARTMENTDOMAIN >> use kerberos keytab = true >> >> load printers = no >> local master = yes >> >> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 >> >> smb ports = 445 >> disable netbios = yes >> >> idmap domains = ORGUSERDOMAIN >> >> # Winbind RID >> idmap config ORGUSERDOMAIN: backend = rid >> idmap config ORGUSERDOMAIN: base_rid = 1000 >> idmap config ORGUSERDOMAIN: range = 10000-20000 >> >> >> Here is output from winbind: >> >> [ 7677]: lookupsid bleh >> get_cache: Setting MS-RPC methods for domain ORGUSERDOMAIN >> rpc: query_user sid=bleh >> error getting user info for sid bleh >> query_user returned an error >> Could not query domain ORGUSERDOMAIN SID bleh >> >> >> Thanks in advance, >> >> Naadir Jeewa >> >> > Try setting your base_rid to 513. > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
