Steve Rippl wrote:
Thanks David, yes I have tried all these and nothing seems to be
working!

Here's where I'm at... libnss-ldap is working with my AD server, with
just 'files ldap' in nsswitch.conf a getent passwd returns local users
and users from AD, but they seem to be treated as local, ie they are
'admin' rather than 'wsd\admin'.  So, on a windows client I go to my
test share as a domain user, in the log I see that it picks up the
uid/gid from AD, but in the security tab the user is 'Unix User
\2009test' NOT 'wsd\2009test'.  If I try to add a user through this tab
they are wsd\username, and then I get
[2008/07/23 09:30:45, 0] smbd/posix_acls.c:create_canon_ace_lists(1438)
  create_canon_ace_lists: unable to map SID S-1-5-21-3668144929-636610183-3299198910-1120 to uid or gid.

in the log file when I hit apply. I'm also still getting
[2008/07/23 09:30:45, 1] nsswitch/idmap_ad.c:idmap_ad_unixids_to_sids(294)
  ADS uninitialized

in log.winbindd-idmap.

If I add winbind to the list in nsswitch it makes no difference, if I
have just 'file winbind' nothing works!  This is all with idmap backend
= ad, if I set it to tdb winbind does work correctly.

What do I have to do to configure idmap backend = ad correctly????  I've
now compiled 3.0.31 with --with-shared-modules=idmap_ad, I've tried
winbind nss info = sfu and leaving it out.  Some people said use rfc2307
even though they claimed to be using SFU not R2, tried that and it
didn't make any difference (I'm using SFU 3.5).  David's references seem
to be using ldap to store idmap info rather than getting uid/gid info
from ad.
Has someone out there got this working?  The Samba-3 Howto for this says
to just use 'files ldap' in nsswitch, but to reiterate, if I do that I'm
not getting connected users recognised as domain user?!!


Have you put POSIX attributes onto the users in the active directory?

       idmap backend = ad:ldap://domain.fqdn
       winbind nss info = rfc2307


Should work. You also need
       use kerberos keytab = yes

Howard.
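
An added example, not part of the original thread: an offline check of whether an exported AD user entry carries the uid/gid attributes that a given `winbind nss info` mode reads. The LDIF sample and the `DC=wsd,DC=example` suffix are constructed, and the attribute names per mode (uidNumber/gidNumber for rfc2307, msSFU30UidNumber/msSFU30GidNumber for sfu) are assumptions taken from the RFC 2307 and SFU 3.x schemas, not from the thread.

```python
"""Check an exported AD user entry for the POSIX attributes idmap_ad needs."""

# Attribute names per `winbind nss info` mode (assumed from the RFC 2307
# and SFU 3.x AD schemas; not taken from the thread).
REQUIRED = {
    "rfc2307": ("uidNumber", "gidNumber"),
    "sfu": ("msSFU30UidNumber", "msSFU30GidNumber"),
}

# Constructed sample: an SFU 3.x style entry in the LDIF form ldapsearch prints.
SAMPLE_LDIF = """\
dn: CN=2009test,CN=Users,DC=wsd,DC=example
sAMAccountName: 2009test
msSFU30UidNumber: 10001
msSFU30GidNumber: 10000
msSFU30HomeDirectory: /home/2009test
"""


def parse_ldif_entry(text):
    """Return {lowercased attribute: value} for one LDIF entry, joining folded lines."""
    attrs, last = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and last:       # LDIF continuation line
            attrs[last] += line[1:]
        elif ":" in line and not line.startswith("#"):
            name, _, value = line.partition(":")
            last = name.strip().lower()         # AD attribute names are case-insensitive
            attrs[last] = value.lstrip(": ").strip()
    return attrs


def missing_for_mode(attrs, mode):
    """List the mode's required attributes that are absent or not numeric."""
    return [a for a in REQUIRED[mode] if not attrs.get(a.lower(), "").isdigit()]


def usable_modes(attrs):
    """Modes whose uid and gid attributes are both present on the entry."""
    return [m for m in REQUIRED if not missing_for_mode(attrs, m)]


if __name__ == "__main__":
    entry = parse_ldif_entry(SAMPLE_LDIF)
    for mode in REQUIRED:
        missing = missing_for_mode(entry, mode)
        status = "ok" if not missing else f"missing {missing}"
        print(f"winbind nss info = {mode}: {status}")
```

An entry that passes for neither mode has no POSIX attributes for idmap_ad to read, which is the first thing the reply above asks about.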
