Hai, I'm having exactly the same problem with winbind as Matthew Daubenspeck. also on ubuntu 12.04 with sernet packages. ( used sernet-samba-winbind 4.0.7 )
I remove the complete config atm but am at the point reinstalling now. I'll wait with that until you put you howto on. i cant loose the rfc2307 :-( and i cant lose control over uidNumber, gidNumber, home directories and login shells. and im adding a second DC later on, but whats the difference between RID and AD exactly. or just these 4 things? I'll go try the sssd as suggested below on ubuntu 12.04. Best regards, Louis >-----Oorspronkelijk bericht----- >Van: rowlandpe...@googlemail.com >[mailto:samba-boun...@lists.samba.org] Namens Rowland Penny >Verzonden: maandag 22 juli 2013 23:45 >Aan: steve >CC: samba@lists.samba.org >Onderwerp: Re: [Samba] Winbind troubles > >If you want my opinion, this is just another example of why not to use >winbind, if you can wait until tomorrow , I will send you an >howto on sssd >on Ubuntu 12.04 > >Rowland >On Jul 22, 2013 10:36 PM, "steve" <st...@steve-ss.com> wrote: > >> On Mon, 2013-07-22 at 17:29 -0400, Matthew Daubenspeck wrote: >> > On Mon, Jul 22, 2013 at 10:15:10PM +0100, Rowland Penny wrote: >> > > OK, that seems like it should work, I had the winbind >ad backend >> > > working, but found it difficult to setup so jumped >ship to sssd >> > > The idmap setup I used was: >> > > idmap config *:backend = tdb >> > > idmap config *:range = 1100-2000 >> > > idmap config DOMAIN:backend = ad >> > > idmap config DOMAIN:schema_mode = rfc2307 >> > > idmap config DOMAIN:range = 10000-3100000 >> > > As you can see the number ranges are the opposite way >round to what >> you >> > > have i.e. config*:range is lower than DOMAIN:range >> > > You could also try (as a test) changing backend = ad >to backend = >> rid, >> > > this will ignore the rfc2307 bit but will test the >connect to the AD >> > > server. >> > > Rowland >> > >> > Changing the above ranges made no difference. However, >changing backend >> > = rid gets me: >> > >> > root@srv2:~# getent passwd administrator >> > >administrator:*:10005:1013:Administrator:/home/Administrator:/bin/sh >> >> Amazing;) >> > >> > That seems to be working perfectly. What would I be losing without >> > rfc2307 (please excuse the ignorance)? >> >> You'd lose control over uidNumber, gidNumber and you >wouldn't be able to >> specify your own home directories and login shells. It's also a >> nightmare if you add a second DC. >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
