samba-users May 2010 archive
Main Archive Page > Month Archives  > samba-users archives
samba-users: [Samba] samba 3.4.5 idmap alloc broken

[Samba] samba 3.4.5 idmap alloc broken

From: Gaiseric Vandal <gaiseric.vandal_at_nospam>
Date: Tue May 04 2010 - 20:36:21 GMT
To: Samba <samba@lists.samba.org>

Some time back I upgraded a domain controller (Solaris 10) from samba
3.0.x to 3.4.5

In order to support interdomain trusts I am using winbind and idmap
allocation with a samba backend. Since the upgrade it appears that
samba is no allocating uid and gid's for trusted domain.

my smb.conf looks something like:

----------------------------------------------------------------------------------------------------------------------------

winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = no
winbind trusted domains only = no

# The "idmap domains" has been deprecated in 3.4
# idmap domains = DOMAIN_A DOMAIN_B DOMAIN_C
# Next two lines restored in 3.4 - but prob don't need
idmap uid = 30000-59999
idmap gid = 30000-59999

idmap config DOMAIN_A:backend = ldap
idmap config DOMAIN_A:readonly = no
idmap config DOMAIN_A:default=no
idmap config DOMAIN_A:ldap_base_dn = ou=domain_a,ou=idmap,o=mydomain.com
idmap config DOMAIN_A:ldap_user_dn = cn=Directory Manager
idmap config DOMAIN_A:ldap_url = ldap://ldap1.domain.com
idmap config DOMAIN_A:range = 30000-39999

idmap config DOMAIN_B:backend = ldap
idmap config DOMAIN_B:readonly = no
idmap config DOMAIN_B:default=no
idmap config DOMAIN_B:ldap_base_dn = ou=domain_b,ou=idmap,o=mydomain.com
idmap config DOMAIN_B:ldap_user_dn = cn=Directory Manager
idmap config DOMAIN_B:ldap_url = lldap://ldap1.domain.com
idmap config DOMAIN_B:range = 40000-45999
....

----------------------------------------------------------------------------------------------------------------------------

Domain_A (Windows 2003 AD in Mixed mode) has entries from prior to the
upgrade and hasn't had new accounts added recently. Domain_B (Windows
2008 in Windows 2003 mode) is a new addition. No idmap entries ever
populated. They should have populated after I ran "wbinfo -u" and
"getent passwd" on the samba PDC.

Any ideas?

Thanks

-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba