Full Discussion: UNIX AD idmap issue
Special Forums Windows & DOS: Issues & Discussions UNIX AD idmap issue Post 302650057 by rudigarude on Friday 1st of June 2012 11:53:36 AM
UNIX AD idmap issue

Hi,

I'm having a nightmare of a time with this one. I've recently taken over a sys admin role and shortly after I did, the print server failed. I've had to replace the hard disk. Don't ask about backups... there hasn't been a sys admin in post for almost a year.

Anyway, the aim: to get the UNIX CUPS server back up and running, authenticate against AD and then install the printers.

So, after a fresh install of CentOS 6.2, Samba etc. installed, all registered correctly on the network, time to authenticate against the Domain Controller which uses AD. Not a problem, I have got that sorted, e.g. wbinfo gives me everything I need, except the idmapping is wrong.

There is an older server that works, running Samba version 3.0.33-3.39.el5_8.

Here is the smb.conf file from the working server, which I've not touched (I've changed the domain name for this post):

Code:
        workgroup = DOMAIN
        server string = DOMAIN Filestore Server
        security = ads
        realm = DOMAIN.EXAMPLE.COM

        use kerberos keytab = yes

        winbind use default domain = true

        idmap domains = ALLDOMAINS
        idmap config ALLDOMAINS:backend = ad
        idmap config ALLDOMAINS:default = yes
        idmap config ALLDOMAINS:range = 1000 - 60000

        winbind nss info = rfc2307

        winbind enum users = yes
        winbind enum groups = yes

So with Samba version 3.5.10-116.el6_2 on the server I'm trying to get working, we have some deprecated commands.

This is what smb.conf on the machine I am trying to get working looks like:

Code:
        workgroup = DOMAIN
        server string = DOMAIN Print Server
        security = ads
        realm = DOMAIN.EXAMPLE.COM

        #use kerberos keytab = yes ##deprecated
        kerberos method = system keytab
        dedicated keytab file = /etc/opt/quest/vas/host.keytab

        winbind use default domain = yes
        winbind nested groups = yes

        idmap backend = tbd
        idmap uid = 10000-33554431
        idmap gid = 10000-33554431

        idmap config DOMAIN : backend = ad
        idmap config DOMAIN : range = 1000-9999
        idmap config DOMAIN : schema_mode = rfc2307

        winbind nss info = rfc2307

        winbind enum users = yes
        winbind enum groups = yes

I've played around with the file so much for the last three days, and I've not managed to sort it. The users from the AD Domain Controller appear on the print server fine, however the GID and UID are wrong, whereas on the older file server it works fine.

Does anyone have any experience with this who might be able to give me any pointers? Is there something I've clearly done wrong?
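
An added example, not part of the original post: a small Python check that parses the idmap lines of the two smb.conf excerpts above, lists backend values that do not name a Samba 3.x idmap backend, and tests whether a given uidNumber falls inside each ad-backed range (idmap_ad(8) treats the range as a filter and ignores IDs stored in AD that fall outside it). The function names and the sample ID 12000 are constructed for illustration.

```python
import re

# Constructed from the two smb.conf excerpts quoted in the post above.
OLD_CONF = """
idmap config ALLDOMAINS:backend = ad
idmap config ALLDOMAINS:range = 1000 - 60000
"""
NEW_CONF = """
#use kerberos keytab = yes ##deprecated
idmap backend = tbd
idmap uid = 10000-33554431
idmap config DOMAIN : backend = ad
idmap config DOMAIN : range = 1000-9999
"""

# Backends that have an idmap_<name>(8) man page in Samba 3.x.
KNOWN_BACKENDS = {"ad", "adex", "hash", "ldap", "nss", "rid", "tdb", "tdb2"}

def parse_idmap(text):
    """Return {normalised key: value} for the idmap lines of an smb.conf excerpt."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue  # blank line, comment, or not a parameter
        key, value = (part.strip() for part in line.split("=", 1))
        # smb.conf keys ignore case and spacing: "DOMAIN : range" == "domain:range"
        key = re.sub(r"\s*:\s*", ":", " ".join(key.lower().split()))
        if key.startswith("idmap"):
            settings[key] = value
    return settings

def audit(text):
    """Return (unknown backend values, {domain: (low, high)} for ad-backed domains)."""
    s = parse_idmap(text)
    unknown = sorted(v for k, v in s.items() if k.endswith("backend")
                     and v.split(":")[0].lower() not in KNOWN_BACKENDS)
    ad_ranges = {}
    for key, value in s.items():
        m = re.fullmatch(r"idmap config (\S+):backend", key)
        rng = m and s.get(f"idmap config {m.group(1)}:range")
        if rng and value.lower() == "ad":
            low, high = (int(n) for n in re.split(r"\s*-\s*", rng))
            ad_ranges[m.group(1)] = (low, high)
    return unknown, ad_ranges

def accepted(ad_ranges, unix_id):
    """True if an ad-backed domain's range covers unix_id; idmap_ad ignores the rest."""
    return any(low <= unix_id <= high for low, high in ad_ranges.values())
```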
 

IDMAP_TDB(8)

NAME
       idmap_tdb - Samba's idmap_tdb Backend for Winbind

DESCRIPTION
       The idmap_tdb plugin is the default backend used by winbindd for storing SID/uid/gid mapping tables and implements both the "idmap" and "idmap alloc" APIs.

IDMAP OPTIONS
       range = low - high
              Defines the available matching uid and gid range for which the backend is authoritative. Note that the range commonly matches the allocation range due to the fact that the same backend will store and retrieve SID/uid/gid mapping entries. If the parameter is absent, Winbind fails over to use the "idmap uid" and "idmap gid" options from smb.conf.

IDMAP ALLOC OPTIONS
       range = low - high
              Defines the available matching uid and gid range from which winbindd can allocate for users and groups. If the parameter is absent, Winbind fails over to use the "idmap uid" and "idmap gid" options from smb.conf.

EXAMPLES
       The following example is equivalent to the pre-3.0.25 default idmap configuration using the "idmap backend = tdb" setting.

                [global]
                idmap domains = ALLDOMAINS
                idmap config ALLDOMAINS:default = yes
                idmap config ALLDOMAINS:backend = tdb
                idmap config ALLDOMAINS:range = 10000 - 50000

                idmap alloc backend = tdb
                idmap alloc config:range = 10000 - 50000

AUTHOR
       The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.