Last updated on OCTOBER 12, 2016
Applies to:Solaris Operating System - Version 10 3/05 and later
Information in this document applies to any platform.
Using winbind in combination with the idmap_ad backend of Samba, it is not possible to resolve the Active Directory users on a Solaris system using the getent(1M) or id(1M) commands.
On a Samba server configured as a members server in a Active Directory domain with name 'CORP':
bash-3.2# getent passwd CORP+bob
bash-3.2# id -a CORP+bob
id: invalid user name: "CORP+bob"
The following configuration steps have been taken:
- The Windows AD server in this setup is a Windows 2008R2 where the Identity management for Unix software has been successfully installed and configured.
- The passwd and group entries of the /etc/nsswithc.conf file has been configured to use winbind:
passwd: files winbind
group: files winbind
- The winbind section of the smb.conf file has been configured to use the idmap_backend:
winbind separator = +
winbind enum users = no
winbind enum groups = no
# mapping outside the CORP domain (normaly unused)
idmap config *: backend = tdb
idmap config *: range = 100000-1999999
# for mapping of AD rfc2307 schema posix values inside the CORP domain
idmap config CORP: backend = ad
idmap config CORP: range = 1000-99999
idmap config CORP: schema_mode = rfc2307
The actual uid and guid ranges may be different for you. Please correct them if necessary.
The entry for schema_mode should be "rfc2307" if you are using the RFC2307 schema support included
in Windows 2003R2 or higher or "sfu" if you installed Services For Unix (SFU) on Windows.
- The Samba server has successfully joined the Active Directory domain and both the samba and winbind SMF services are running.
- The Active Directory users can be looked up using 'wbinfo -u'
bash-3.2# wbinfo -u | grep bob
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms