Hi,
I'm having a nightmare of a time with this one. I've recently taken over a sys admin role and shortly after I did, the print server failed. I've had to replace the hard disk. ---don't ask about backups....there hasn't been a sys admin in post for almost a year......
Anyway, the aim, to get the unix cups server back up and running, authenticate against AD and then install the printers.
So, after a fresh install of centos 6.2, samba etc installed, all registered correctly on the network, time to authenticate against the Domain Controller which uses AD. Not a problem, I have got that sorted, e.g. wbinfo gives me everything I need, except the idmapping is wrong.
There is an older server that works running Samba version 3.0.33-3.39.el5_8
Here is the smb.conf file from the working server, which I've not touched (I've changed the domain name for this post);
workgroup = DOMAIN
server string = DOMAIN Filestore Server
security = ads
realm = DOMAIN.EXAMPLE.COM
use kerberos keytab = yes
winbind use default domain = true
idmap domains = ALLDOMAINS
idmap config ALLDOMAINS:backend = ad
idmap config ALLDOMAINS:default = yes
idmap config ALLDOMAINS:range = 1000 - 60000
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes
So with Samba version 3.5.10-116.el6_2 on the server I'm trying to get working, we have some deprecated commands.
This is what smb.conf on the machine I am trying to get working looks like;
workgroup = DOMAIN
server string = DOMAIN Print Server
security = ads
realm = DOMAIN.EXAMPLE.COM
#use kerberos keytab = yes ##deprecated
kerberos method = system keytab
dedicated keytab file = /etc/opt/quest/vas/host.keytab
winbind use default domain = yes
winbind nested groups = yes
idmap backend = tbd
idmap uid = 10000-33554431
idmap gid = 10000-33554431
idmap config DOMAIN : backend = ad
idmap config DOMAIN : range = 1000-9999
idmap config DOMAIN : schema_mode = rfc2307
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes
I've played around with the file so much for the last three days, I've not managed to sort it. The users from the AD Domain Controller appear on the print server fine, however the GID and UID are wrong. Where as on the older file server it works fine.
Does anyone have any experience with this who might be able to give me any pointers? Is there something I've clearly done wrong?