These are the ramblings of Matthijs Kooijman, concerning the software he hacks on, hobbies he has and occasionally his personal life.

Most content on this site is licensed under the WTFPL, version 2 (details).

Winbind, idmap_ad and machine accounts

Small post about a stupid problem I was having tonight with Samba. As you may know, Inter-Actief uses Samba on its fileserver, using Active Directory for authentication.

We have enabled the idmap_ad module by putting idmap backend = ad in smb.conf. All our users are assigned a Unix uid in Active Directory, so they can log in. This works okay for normal users: they can log in, access files, etc. Yet, this fails for software deployment.

We are using standard Windows software deployment techniques, using group policies in our AD. Yet, when clients try to install that software, nobody is logged in yet, so the install process runs as the machine account of the machine. But when trying to authenticate with this account at the fileserver, it can't find the Unix uid for the account, so the login fails.

Solving this proved easy (though it took me half an evening to think of it): I added the map to guest = Bad Uid option to my smb.conf. This ensures that any failed uid lookup is mapped to my guest user, nobody. Since the share that provides the deployed software is accessible by guest users (guest ok = yes), this allows clients to access deployed software.
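Because map to guest = Bad Uid turns every authenticated account without a Unix uid into the guest user, it is worth checking which guest ok shares those accounts can now reach and whether any of them is writable. The audit below is an added example, not part of the original post; the sample smb.conf, its share names and its paths are constructed for illustration.

```python
import configparser

# Constructed sample; share names and paths are hypothetical.
SAMPLE_SMB_CONF = """
[global]
idmap backend = ad
map to guest = Bad Uid
[deploy]
path = /srv/deploy
guest ok = yes
read only = yes
[scratch]
path = /srv/scratch
guest ok = yes
writable = yes
[homes]
read only = no
"""
TRUE = {"yes", "true", "1", "on"}

def setting(cp, share, names, default):
    """First of `names` (Samba synonyms) set in the share, else in [global]."""
    for sect in (share, "global"):
        for name in names:
            if cp.has_option(sect, name):
                return cp.get(sect, name).strip().lower()
    return default

def guest_exposure(conf_text):
    """Return (map to guest policy, {guest-accessible share: access mode})."""
    cp = configparser.ConfigParser(
        delimiters=("=",), comment_prefixes=("#", ";"), interpolation=None,
        strict=False, default_section="__unused__")
    cp.read_string(conf_text)
    policy = setting(cp, "global", ["map to guest"], "never")
    exposed = {}
    for share in cp.sections():
        if share.lower() == "global":
            continue
        if setting(cp, share, ["guest ok", "public"], "no") not in TRUE:
            continue
        # Simplification: an explicit "read only" wins over its inverse synonyms.
        read_only = setting(cp, share, ["read only"], None)
        if read_only is None:
            inverse = setting(cp, share, ["writable", "writeable", "write ok"], "no")
            writable = inverse in TRUE
        else:
            writable = read_only not in TRUE
        exposed[share] = "writable" if writable else "read-only"
    return policy, exposed
```

A share reported as writable here can be modified by any machine account that falls through to guest, so a software deployment share should show up as read-only.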

My clients are now able to access the files on the fileserver. Now I am up for the next problem: according to the Samba logs, they stopped trying, while the Windows event viewer still says installation failed because the installation source was not available. Gr.... Stupid Windows....

 
Copyright by Matthijs Kooijman - most content WTFPL