Description:
RID mapping is not working or not loaded and I could only find the four statically loaded idmap modules.

Versions tested:
4.2.0rc5
4.3.0pre1-GIT-3e9e5e6

log.winbindd-idmap:
2015/02/26 10:55:55.706426, 5] ../source3/winbindd/idmap.c:154(smb_register_idmap) Successfully added idmap backend 'tdb'
[2015/02/26 10:55:55.706449, 5] ../source3/winbindd/idmap.c:154(smb_register_idmap) Successfully added idmap backend 'passdb'
[2015/02/26 10:55:55.706461, 5] ../source3/winbindd/idmap.c:154(smb_register_idmap) Successfully added idmap backend 'nss'
[2015/02/26 10:55:55.706472, 5] ../source3/winbindd/idmap.c:154(smb_register_idmap) Successfully added idmap backend 'ldap'

# ls /usr/local/samba/lib/idmap/
ad.so autorid.so hash.so rfc2307.so rid.so script.so tdb2.so

smb.conf:
[global]
    workgroup = MSDE
    realm = MSDE.LAN
    netbios name = DC1
    server role = active directory domain controller
    dns forwarder = 172.17.0.250
    idmap_ldb:use rfc2307 = no
    read only = no
    bind interfaces only = yes
    interfaces = eth*
    log level = 5

    ### Linux & Windows ###
    winbind separator = .
    template shell = /bin/bash
    hide files = /*.desktop/
    idmap config *:backend = tdb
    idmap config *:range = 9000-9999
    idmap config MSDE:backend = rid
    idmap config MSDE:range = 1000-1999
    winbind enum users = yes
    winbind enum groups = yes
    winbind use default domain = no
    winbind refresh tickets = yes

    ### Stability ###
    server services = -nbt
    smb ports = 445
    oplocks = no
    level2 oplocks = no
    kernel oplocks = no
    #oplock contention limit= 2
    locking = yes
    posix locking = yes
    kernel share modes = yes

    ### Performance ###
    use sendfile = yes
    write cache size = 2097152
    min receivefile size = 1024

/usr/local/* paths aren't normally checked for shared libraries - see http://tldp.org/HOWTO/Program-Library-HOWTO/shared-libraries.html for details.

You generally have a few options:
- configure samba using a --libdir parameter that is suitable for your operating system.
- Use Samba packages bundled with the distribution, which should be correctly configured.
- modify /etc/ld.so.conf or LD_LIBRARY_PATH so that the /usr/local/samba/lib/idmap/ is searched.

One further comment... idmap_rid uses the following formula to convert a Windows RID to a Unix UID/GID:

    ID = RID - BASE_RID (0) + LOW_RANGE_ID (1000)

With a maximum range id of 1999, any user with a Windows RID over 999 will not be mapped. Windows user RIDs normally _start_ at 1000 and go upwards, meaning that no users will be mapped!

It's been some time ago, but I remember that both suggestions don't help.

Regarding 1. comment this was all done before, 2. isn't it:

    ID = RID - BASE_RID (0) + LOW_RANGE_ID (1000)
    ID = RID - 1000 + 1000, as the base is 1000?

But this is not the reason. Mapping works, but only not the requested relative but always unwanted local tdb mapping.

I started debugging and dug into source and found that the loading and initialization mechanism does _not_even_try_to_load_other_backends_ than tdb, passdb, nss and ldap. Dynamic initialisation of other backends is broken. Btw, initialization is so overly complex, that I consider it broken by design.

I lowered the importance since I gave up on winbind.

Regards
David

The supplied smb.conf was from an AD DC, yet it has the 'idmap config' lines from a Unix domain member. These do not work on an AD DC, so 'RID' mapping will not work as David Mudrich expects. This is not a bug.
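
An added example, not part of the original thread or of Samba: a small smb.conf check that flags 'idmap config' lines on an AD DC (the point made in the closing comment) and applies the idmap_rid formula quoted earlier to show which RIDs fit a configured range. The function names, the trimmed sample config and the sample RIDs are constructed for illustration; BASE_RID is assumed to be 0, as stated in that comment.

```python
import re

# Constructed sample, trimmed from the smb.conf quoted in the report.
SAMPLE_CONF = """\
[global]
workgroup = MSDE
server role = active directory domain controller
idmap config *:backend = tdb
idmap config *:range = 9000-9999
idmap config MSDE:backend = rid
idmap config MSDE:range = 1000-1999
"""

IDMAP_RE = re.compile(r"^idmap config\s+(\S+?)\s*:\s*(.+)$", re.I)

def parse_conf(text):
    """Return (server_role, {domain: {option: value}}) from smb.conf text."""
    role, idmap = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue  # skip blanks, comments and section headers
        key, value = (part.strip() for part in line.split("=", 1))
        m = IDMAP_RE.match(key)
        if m:
            idmap.setdefault(m.group(1), {})[m.group(2).strip().lower()] = value
        elif " ".join(key.lower().split()) == "server role":
            role = value.lower()
    return role, idmap

def rid_to_id(rid, low, high, base_rid=0):
    """ID = RID - BASE_RID + LOW_RANGE_ID; None when the result leaves the range."""
    unix_id = rid - base_rid + low
    return unix_id if rid >= base_rid and low <= unix_id <= high else None

def check(text, sample_rids=(500, 999, 1000, 1104)):
    """Report the AD DC / idmap config conflict and per-domain rid coverage."""
    role, idmap = parse_conf(text)
    report = {"ad_dc_conflict": bool(role and "domain controller" in role and idmap),
              "rid_domains": {}}
    for domain, opts in idmap.items():
        if opts.get("backend", "").lower() != "rid" or "range" not in opts:
            continue
        low, high = (int(x) for x in opts["range"].split("-"))
        unmapped = [r for r in sample_rids if rid_to_id(r, low, high) is None]
        # With BASE_RID 0 the highest RID that still fits is high - low.
        report["rid_domains"][domain] = {"max_rid": high - low, "unmapped": unmapped}
    return report

if __name__ == "__main__":
    print(check(SAMPLE_CONF))
```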