Special Forums Windows & DOS: Issues & Discussions UNIX AD idmap issue Post 302650057 by rudigarude on Friday 1st of June 2012 11:53:36 AM
UNIX AD idmap issue

Hi,

I'm having a nightmare of a time with this one. I've recently taken over a sys admin role and shortly after I did, the print server failed. I've had to replace the hard disk. (Don't ask about backups... there hasn't been a sys admin in post for almost a year.)

Anyway, the aim is to get the UNIX CUPS server back up and running, authenticate against AD and then install the printers.

So, after a fresh install of CentOS 6.2, Samba etc. installed, all registered correctly on the network, time to authenticate against the Domain Controller which uses AD. Not a problem, I have got that sorted, e.g. wbinfo gives me everything I need, except the idmapping is wrong.

There is an older server that works, running Samba version 3.0.33-3.39.el5_8.

Here is the smb.conf file from the working server, which I've not touched (I've changed the domain name for this post):

Code:
        workgroup = DOMAIN
        server string = DOMAIN Filestore Server
        security = ads
        realm = DOMAIN.EXAMPLE.COM

        use kerberos keytab = yes

        winbind use default domain = true

        idmap domains = ALLDOMAINS
        idmap config ALLDOMAINS:backend = ad
        idmap config ALLDOMAINS:default = yes
        idmap config ALLDOMAINS:range = 1000 - 60000

        winbind nss info = rfc2307

        winbind enum users = yes
        winbind enum groups = yes

So with Samba version 3.5.10-116.el6_2 on the server I'm trying to get working, we have some deprecated commands.

This is what smb.conf on the machine I am trying to get working looks like:

Code:
        workgroup = DOMAIN
        server string = DOMAIN Print Server
        security = ads
        realm = DOMAIN.EXAMPLE.COM

        #use kerberos keytab = yes ##deprecated
        kerberos method = system keytab
        dedicated keytab file = /etc/opt/quest/vas/host.keytab

        winbind use default domain = yes
        winbind nested groups = yes

        idmap backend = tbd
        idmap uid = 10000-33554431
        idmap gid = 10000-33554431

        idmap config DOMAIN : backend = ad
        idmap config DOMAIN : range = 1000-9999
        idmap config DOMAIN : schema_mode = rfc2307

        winbind nss info = rfc2307

        winbind enum users = yes
        winbind enum groups = yes

I've played around with the file so much for the last three days and I've not managed to sort it. The users from the AD Domain Controller appear on the print server fine, however the GID and UID are wrong, whereas on the older file server it works fine.

Does anyone have any experience with this who might be able to give me any pointers? Is there something I've clearly done wrong?
 

IDMAP_TDB(8)                                                System Administration tools                                               IDMAP_TDB(8)

NAME
       idmap_tdb - Samba's idmap_tdb Backend for Winbind

DESCRIPTION
       The idmap_tdb plugin is the default backend used by winbindd for storing SID/uid/gid mapping tables.

       In contrast to read only backends like idmap_rid, it is an allocating backend: This means that it needs to allocate new user and group IDs in order to create new mappings. The allocator can be provided by the idmap_tdb backend itself or by any other allocating backend like idmap_ldap or idmap_tdb2. This is configured with the parameter idmap alloc backend.

       Note that in order for this (or any other allocating) backend to function at all, the default backend needs to be writeable. The ranges used for uid and gid allocation are the default ranges configured by "idmap uid" and "idmap gid".

       Furthermore, since there is only one global allocating backend responsible for all domains using writeable idmap backends, any explicitly configured domain with idmap backend tdb should have the same range as the default range, since it needs to use the global uid / gid allocator. See the example below.

IDMAP OPTIONS
       range = low - high
           Defines the available matching uid and gid range for which the backend is authoritative. If the parameter is absent, Winbind fails over to use the "idmap uid" and "idmap gid" options from smb.conf.

EXAMPLES
       This example shows how tdb is used as the default idmap backend. It configures the idmap range through the global options for all domains encountered. This same range is used for uid/gid allocation.

            [global]
                # "idmap backend = tdb" is redundant here since it is the default
                idmap backend = tdb
                idmap uid = 1000000-2000000
                idmap gid = 1000000-2000000

       This (rather theoretical) example shows how tdb can be used as the allocating backend while ldap is the default backend used to store the mappings. It adds an explicit configuration for some domain DOM1, that uses the tdb idmap backend. Note that the same range as the default uid/gid range is used, since the allocator has to serve both the default backend and the explicitly configured domain DOM1.

            [global]
                idmap backend = ldap
                idmap uid = 1000000-2000000
                idmap gid = 1000000-2000000
                # use a different uid/gid allocator:
                idmap alloc backend = tdb

                idmap config DOM1 : backend = tdb
                idmap config DOM1 : range = 1000000-2000000

AUTHOR
       The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

Samba 3.5                                                           06/18/2010                                                    IDMAP_TDB(8)
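
The man page's rule that a domain using the tdb backend must share the default "idmap uid"/"idmap gid" range can be checked mechanically before winbindd starts handing out uids and gids that decide file ownership. The following is an added example, not part of the original page or of Samba: the function names are hypothetical, and the backend list is an assumption based on the idmap_* modules shipped with Samba 3.5.

```python
import re

# Assumption: names of the idmap_* modules shipped with Samba 3.5.
KNOWN_BACKENDS = {"tdb", "tdb2", "ldap", "rid", "ad", "adex", "hash", "nss"}
# Matches "idmap <option> = v" or "idmap config <DOMAIN> : <option> = v".
IDMAP_LINE = re.compile(
    r"\s*idmap\s+(?:config\s+(\S+?)\s*:\s*)?([\w ]+?)\s*=\s*(.*?)\s*$", re.I)

def parse_range(value):
    """Turn 'low - high' (spaces optional) into an (int, int) tuple."""
    m = re.fullmatch(r"\s*(\d+)\s*-\s*(\d+)\s*", value)
    if not m:
        raise ValueError(f"bad idmap range: {value!r}")
    return int(m[1]), int(m[2])

def parse_idmap(text):
    """Return (global idmap options, {domain: options}) from smb.conf text."""
    glob, domains = {}, {}
    for m in filter(None, map(IDMAP_LINE.match, text.splitlines())):
        domain, key, value = m.groups()
        target = domains.setdefault(domain.upper(), {}) if domain else glob
        target[" ".join(key.lower().split())] = value
    return glob, domains

def lint(text):
    """Flag unknown backends and tdb domains whose range is not the default."""
    glob, domains = parse_idmap(text)
    default = {parse_range(glob[k]) for k in ("uid", "gid") if k in glob}
    scopes = [("default", {"backend": glob.get("backend", "tdb")})]
    findings = []
    for scope, opts in scopes + sorted(domains.items()):
        backend = opts.get("backend", "").lower().split(":")[0]
        if backend and backend not in KNOWN_BACKENDS:
            findings.append(f"{scope}: unknown idmap backend {backend!r}")
        rng = opts.get("range")
        if backend == "tdb" and rng and default and {parse_range(rng)} != default:
            findings.append(f"{scope}: tdb range {rng} is not the default range")
    return findings

# Constructed input: DOM1's tdb range is off the default, DOM2's backend is misspelled.
SAMPLE = """[global]
idmap uid = 1000000-2000000
idmap gid = 1000000-2000000
idmap config DOM1 : backend = tdb
idmap config DOM1 : range = 3000000-4000000
idmap config DOM2 : backend = tbd
"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Comment lines and non-idmap parameters are ignored, so a whole smb.conf can be passed to `lint()` as text.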