Bug 13005 - Winbind IDMAP_AD pulling AD object UID and GID
Winbind IDMAP_AD pulling AD object UID and GID
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
unspecified
x86 Linux
: P5 critical
: ---
Assigned To: Andrew Bartlett
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-08-31 06:32 UTC by Richard
Modified: 2017-09-16 07:13 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Richard 2017-08-31 06:32:52 UTC
Am unable to pull user defined UID and GID Attributed from Active Directory. 

According to the directive idmap_ad should support it. ??

smb.conf


workgroup = Domain
realm = Domain.com
security = ads
kerberos method = secrets and keytab
winbind offline logon = true
idmap config Domain : unix_nss_info = yes
idmap config Domain : unix_primary_group = yes
idmap config Domain : backend = ad
idmap config Domain : schema_mode = rfc2307
idmap config Domain : range = 9999999990000-199999
log file = /var/log/samba/log.%m
max log size = 50
log level = 10
winbind refresh tickets = Yes
winbind enum users = yes
winbind enum groups = yes
Comment 1 Richard 2017-08-31 06:37:19 UTC
samba-python-4.4.4-14.el7_3.x86_64
samba-pidl-4.4.4-14.el7_3.noarch
samba-libs-4.4.4-14.el7_3.x86_64
samba-winbind-krb5-locator-4.4.4-14.el7_3.x86_64
samba-winbind-4.4.4-14.el7_3.x86_64
samba-krb5-printing-4.4.4-14.el7_3.x86_64
samba-common-4.4.4-14.el7_3.noarch
samba-common-libs-4.4.4-14.el7_3.x86_64
samba-client-4.4.4-14.el7_3.x86_64
samba-winbind-clients-4.4.4-14.el7_3.x86_64
samba-test-libs-4.4.4-14.el7_3.x86_64
samba-devel-4.4.4-14.el7_3.x86_64
samba-common-tools-4.4.4-14.el7_3.x86_64
samba-4.4.4-14.el7_3.x86_64
samba-vfs-glusterfs-4.4.4-14.el7_3.x86_64
samba-client-libs-4.4.4-14.el7_3.x86_64
samba-winbind-modules-4.4.4-14.el7_3.x86_64
samba-dc-libs-4.4.4-14.el7_3.x86_64
samba-dc-4.4.4-14.el7_3.x86_64
samba-test-4.4.4-14.el7_3.x86_64
Comment 2 Richard 2017-08-31 06:38:09 UTC
samba-python-4.4.4-14.el7_3.x86_64
samba-pidl-4.4.4-14.el7_3.noarch
samba-libs-4.4.4-14.el7_3.x86_64
samba-winbind-krb5-locator-4.4.4-14.el7_3.x86_64
samba-winbind-4.4.4-14.el7_3.x86_64
samba-krb5-printing-4.4.4-14.el7_3.x86_64
samba-common-4.4.4-14.el7_3.noarch
samba-common-libs-4.4.4-14.el7_3.x86_64
samba-client-4.4.4-14.el7_3.x86_64
samba-winbind-clients-4.4.4-14.el7_3.x86_64
samba-test-libs-4.4.4-14.el7_3.x86_64
samba-devel-4.4.4-14.el7_3.x86_64
samba-common-tools-4.4.4-14.el7_3.x86_64
samba-4.4.4-14.el7_3.x86_64
samba-vfs-glusterfs-4.4.4-14.el7_3.x86_64
samba-client-libs-4.4.4-14.el7_3.x86_64
samba-winbind-modules-4.4.4-14.el7_3.x86_64
samba-dc-libs-4.4.4-14.el7_3.x86_64
samba-dc-4.4.4-14.el7_3.x86_64
samba-test-4.4.4-14.el7_3.x86_64
Comment 3 Richard 2017-08-31 06:38:35 UTC
Here is the directive want to leverage?
https://wiki.samba.org/index.php/Idmap_config_ad
Comment 4 Volker Lendecke 2017-08-31 06:47:59 UTC
Can you upload all winbind logs (log.w*) after setting "debug level = 10" and restarting winbind?

Thanks, Volker
Comment 5 Stefan Metzmacher 2017-09-16 07:13:43 UTC
(In reply to Richard from comment #3)

idmap config Domain : range = 9999999990000-199999
looks invalid...