UNIX AD idmap issue

06-01-2012

I'm having a nightmare of a time with this one. I've recently taken over a sys admin role and shortly after I did, the print server failed. I've had to replace the hard disk. Don't ask about backups... there hasn't been a sys admin in post for almost a year.

Anyway, the aim is to get the UNIX CUPS server back up and running, authenticate against AD and then install the printers.

So, after a fresh install of CentOS 6.2, with Samba etc. installed and all registered correctly on the network, it was time to authenticate against the Domain Controller, which uses AD. Not a problem, I have got that sorted, e.g. wbinfo gives me everything I need, except the idmapping is wrong.

There is an older server that works running Samba version 3.0.33-3.39.el5_8

Here is the smb.conf file from the working server, which I've not touched (I've changed the domain name for this post):

        workgroup = DOMAIN
        server string = DOMAIN Filestore Server
        security = ads
        realm = DOMAIN.EXAMPLE.COM

        use kerberos keytab = yes

        winbind use default domain = true

        idmap domains = ALLDOMAINS
        idmap config ALLDOMAINS:backend = ad
        idmap config ALLDOMAINS:default = yes
        idmap config ALLDOMAINS:range = 1000 - 60000

        winbind nss info = rfc2307

        winbind enum users = yes
        winbind enum groups = yes

So with Samba version 3.5.10-116.el6_2 on the server I'm trying to get working, we have some deprecated commands.

This is what smb.conf on the machine I am trying to get working looks like:

        workgroup = DOMAIN
        server string = DOMAIN Print Server
        security = ads
        realm = DOMAIN.EXAMPLE.COM

        #use kerberos keytab = yes ##deprecated
        kerberos method = system keytab
        dedicated keytab file = /etc/opt/quest/vas/host.keytab

        winbind use default domain = yes
        winbind nested groups = yes

        idmap backend = tbd
        idmap uid = 10000-33554431
        idmap gid = 10000-33554431

        idmap config DOMAIN : backend = ad
        idmap config DOMAIN : range = 1000-9999
        idmap config DOMAIN : schema_mode = rfc2307

        winbind nss info = rfc2307

        winbind enum users = yes
        winbind enum groups = yes

I've played around with the file so much for the last three days, and I've not managed to sort it. The users from the AD Domain Controller appear on the print server fine; however, the GID and UID are wrong, whereas on the older file server it works fine.

Does anyone have any experience with this who might be able to give me any pointers? Is there something I've clearly done wrong?
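
An added example (not part of the original post, and not Samba's own code): a Python check that parses the idmap lines of the two smb.conf files above, reports backend names it does not recognise and overlapping ranges, and lists which IDs stored in AD fall outside an `ad` backend's range, since idmap_ad uses the range as a filter. The backend list and the two sample uidNumber values (1500 and 12000) are assumptions constructed for illustration.

```python
import re

# Backend names this example accepts (assumption: a subset of Samba's idmap modules).
KNOWN_BACKENDS = {"tdb", "tdb2", "ldap", "rid", "ad", "hash", "nss"}

# idmap lines of the new server's smb.conf, copied from the post.
NEW_SERVER = """\
idmap backend = tbd
idmap uid = 10000-33554431
idmap gid = 10000-33554431
idmap config DOMAIN : backend = ad
idmap config DOMAIN : range = 1000-9999
"""
# idmap backend and range lines of the old server's smb.conf, copied from the post.
OLD_SERVER = """\
idmap config ALLDOMAINS:backend = ad
idmap config ALLDOMAINS:range = 1000 - 60000
"""

def parse_idmap(conf):
    """Return {scope: {"backend": name, "range": (low, high)}}; "*" is the default scope."""
    scopes = {}
    for raw in conf.splitlines():
        if raw.strip().startswith(("#", ";")):      # smb.conf comment lines
            continue
        key, _, value = raw.partition("=")
        key, value = " ".join(key.split()), value.strip()
        m = re.fullmatch(r"idmap config (\S+?) ?: ?(backend|range)", key)
        if m:
            scope, opt = m.groups()
        elif key == "idmap backend":
            scope, opt = "*", "backend"
        elif key in ("idmap uid", "idmap gid"):
            scope, opt = "*", "range"
        else:
            continue
        if opt == "range":
            value = tuple(int(n) for n in re.fullmatch(r"(\d+)\s*-\s*(\d+)", value).groups())
        scopes.setdefault(scope, {})[opt] = value
    return scopes

def audit(conf, ad_ids=()):
    """Return (kind, scope, detail) findings; ad_ids are uidNumber/gidNumber values from AD."""
    scopes, findings = parse_idmap(conf), []
    for scope, cfg in scopes.items():
        if cfg.get("backend") not in KNOWN_BACKENDS:
            findings.append(("unknown-backend", scope, cfg.get("backend")))
        low, high = cfg.get("range", (0, -1))
        for other, ocfg in scopes.items():
            olow, ohigh = ocfg.get("range", (0, -1))
            if scope < other and low <= ohigh and olow <= high:
                findings.append(("overlap", scope, other))
        if cfg.get("backend") == "ad" and "range" in cfg:
            # idmap_ad treats the range as a filter: IDs outside it are not mapped.
            findings += [("outside-ad-range", scope, n) for n in ad_ids if not low <= n <= high]
    return findings
```

Calling `audit(NEW_SERVER, [1500, 12000])` and `audit(OLD_SERVER, [1500, 12000])` shows how the same AD-stored IDs are treated under each server's range.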