[Samba] LDAP + Samba4(AD) + SSH
Rowland Penny
rowlandpenny241155 at gmail.com
Fri Aug 21 19:28:22 UTC 2015
On 21/08/15 20:08, Guilherme Boing wrote:
> Hello,
>
> I want my domain users to be able to connect to our Linux servers using
> their AD username through LDAP.
What do you mean 'through LDAP'?
>
> I am using nslcd and pam_ldap to do so, but I am having a hard time
> trying to figure out why the GID is not working properly.
>
> # getent passwd Guilherme
> Guilherme:*:10000:*513*:Guilherme:/home/Guilherme:/bin/bash
>
> # getent group|grep 513
>
> # id Guilherme
> uid=10000(Guilherme) gid=513 grupos=513,10001(it),10000(Domain Users)
>
> /etc/nslcd.conf: (bind not included)
> filter passwd (objectClass=user)
> filter group (objectClass=group)
>
> map passwd uid sAMAccountName
> map passwd homeDirectory unixHomeDirectory
> map passwd gecos displayName
> map passwd gidNumber primaryGroupID
> map group uniqueMember member
>
> I know that 513 should mean "Domain Users" from ADUC. However, "Domain
> Users" has the "UNIX Attributes" configuration of GID=10000.
How do you 'know' 513 should mean "Domain Users"?
513 is the RID of "Domain Users" and by your own admission "Domain
Users" has the gidNumber of 10000.
RID does not necessarily equal gidNumber.
>
> # getent group|grep 10000
> Domain Users:*:10000:
>
> Should I change the UNIX Attributes ID of Domain Users to 513?
> What am I doing wrong?
>
> Thanks
You can if you so wish, but you will need to 'chgrp' anything stored on
Unix owned by the "Domain Users" group.
Rowland
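
The mismatch discussed in this thread (a primary GID of 513 that no group entry carries, because nslcd takes gidNumber from primaryGroupID) can be checked mechanically. The script below is an added example, not part of the original messages; the function names are hypothetical and the sample data is constructed from the values quoted in the post.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed
# from the values quoted in the post.

# Print "user:gid" for each passwd entry whose primary GID has no group entry.
# $1 = file in `getent passwd` format, $2 = file in `getent group` format.
unresolved_primary_gids() {
    while IFS=: read -r user _pw _uid gid _rest; do
        [ -n "$user" ] || continue
        found=no
        while IFS=: read -r _name _gpw ggid _members; do
            if [ "$ggid" = "$gid" ]; then found=yes; break; fi
        done < "$2"
        [ "$found" = yes ] || printf '%s:%s\n' "$user" "$gid"
    done < "$1"
}

# Succeed if the nslcd.conf in $1 takes gidNumber from primaryGroupID (a RID).
maps_gid_to_rid() {
    grep -Eiq '^[[:space:]]*map[[:space:]]+passwd[[:space:]]+gidNumber[[:space:]]+primaryGroupID([[:space:]]|$)' "$1"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed sample: the passwd and group lines and the map lines from the post.
cat > "$tmp/passwd" <<'EOF'
Guilherme:*:10000:513:Guilherme:/home/Guilherme:/bin/bash
EOF
cat > "$tmp/group" <<'EOF'
it:*:10001:
Domain Users:*:10000:
EOF
cat > "$tmp/nslcd.conf" <<'EOF'
map passwd uid sAMAccountName
map passwd gidNumber primaryGroupID
EOF

unresolved_primary_gids "$tmp/passwd" "$tmp/group"    # prints Guilherme:513
if maps_gid_to_rid "$tmp/nslcd.conf"; then
    echo "nslcd.conf: gidNumber is mapped from primaryGroupID (a RID, not a Unix GID)"
fi
```

On a live host, feed it the output of `getent passwd` and `getent group` saved to files; any line it prints is an account whose files carry a group ID that resolves to no group name.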