[Samba] Winbind troubles
Rowland Penny
rowlandpenny at googlemail.com
Mon Jul 22 15:45:28 MDT 2013
If you want my opinion, this is just another example of why not to use
winbind, if you can wait until tomorrow , I will send you an howto on sssd
on Ubuntu 12.04
Rowland
On Jul 22, 2013 10:36 PM, "steve" <steve at steve-ss.com> wrote:
> On Mon, 2013-07-22 at 17:29 -0400, Matthew Daubenspeck wrote:
> > On Mon, Jul 22, 2013 at 10:15:10PM +0100, Rowland Penny wrote:
> > > OK, that seems like it should work, I had the winbind ad backend
> > > working, but found it difficult to setup so jumped ship to sssd
> > > The idmap setup I used was:
> > > idmap config *:backend = tdb
> > > idmap config *:range = 1100-2000
> > > idmap config DOMAIN:backend = ad
> > > idmap config DOMAIN:schema_mode = rfc2307
> > > idmap config DOMAIN:range = 10000-3100000
> > > As you can see the number ranges are the opposite way round to what
> you
> > > have i.e. config*:range is lower than DOMAIN:range
> > > You could also try (as a test) changing backend = ad to backend =
> rid,
> > > this will ignore the rfc2307 bit but will test the connect to the AD
> > > server.
> > > Rowland
> >
> > Changing the above ranges made no difference. However, changing backend
> > = rid gets me:
> >
> > root at srv2:~# getent passwd administrator
> > administrator:*:10005:1013:Administrator:/home/Administrator:/bin/sh
>
> Amazing;)
> >
> > That seems to be working perfectly. What would I be losing without
> > rfc2307 (please excuse the ignorance)?
>
> You'd lose control over uidNumber, gidNumber and you wouldn't be able to
> specify your own home directories and login shells. It's also a
> nightmare if you add a second DC.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list