[Samba] New ADC configuration
Matthew Daubenspeck
matt at oddprocess.org
Tue Jul 16 12:38:56 MDT 2013
On Tue, Jul 16, 2013 at 01:16:02PM -0400, Matthew Daubenspeck wrote:
> On Tue, Jul 16, 2013 at 05:22:14PM +0100, Rowland Penny wrote:
> > Yes, you can use ADUC but you need to have provisioned samba4 with
> > --use-rfc2307
> > You can also add the uidNumber & gidNumber with an ldif and ldapmodify
> > or ldbmodify. Have a look here:
> > [1]http://linuxcostablanca.blogspot.com.es/2012/02/samba-4-posix-domain
> > -user.html
> > Without the uidNumber & gidNumber, using the ad backend, Winbind will
> > not display any users, with uidNumber & gidNumber, Winbind will only
> > display the users & groups that have them.
> > If you do not want to enter the uidNumber etc, have a look at sssd,
> > this will do all that Winbind does without all the hassle.
> > Rowland
>
> That must be the problem. The wiki had no mention of provisioning with
> --use-rfc2307. I'll redo that and try again.
I re provisioned the whole works, rejoined the member server. Now in
ADUC I can see the NIS domain name and UID, as well is being part of a
primary group (after I created one). It works perfectly on the DC
server, but still nothing seems to propagate to the member server.
DC:
# id testuser
uid=10001(NWLTECH\testuser) gid=100(users) groups=100(users)
Member:
# id testuser
id: testuser: no such user
I've turned the log level to 3, and the only error I see is:
[2013/07/16 14:37:05.757568, 1] ../source3/winbindd/idmap_ad.c:653(idmap_ad_sids_to_unixids)
Could not get unix ID for SID S-1-5-21-1953420892-2023128348-2744795462-513
And the SIDs change as I query for different users...
More information about the samba
mailing list