[Samba] Samba4 member of another « Samba4 » domain
François Lafont
flafdivers at free.fr
Sat Apr 13 17:37:37 MDT 2013
Hello,
On 13/04/2013 20:24, steve wrote:
> You still have to add the objects. Yourself!
Ok, if I understand, after a provision of a domain with samba-tool and the "--use-rfc2307" option, samba4 can support posixaccount etc. in its database, but I have to add the object class and the mandatory attributes myself.
But, after this:
-------------------------------------------
samba-tool domain provision --realm=CHEZMOI.PRIV --domain=CHEZMOI \
--server-role=dc --dns-backend=SAMBA_INTERNAL --adminpass='+toto123' \
--use-rfc2307
ln -s /usr/local/samba/lib/libnss_winbind.so /lib/libnss_winbind.so
ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
# I add winbind in nsswitch.conf
sed -i -r -e 's/^(passwd:.*)$/\1 winbind/g' -e 's/^(group:.*)$/\1 winbind/g' /etc/nsswitch.conf
samba
-------------------------------------------
I have a few users and groups which are already created:
# wbinfo -u
Administrator
Guest
krbtgt
# wbinfo -g
Enterprise Read-Only Domain Controllers
Domain Admins
Domain Users
Domain Guests
Domain Computers
Domain Controllers
Schema Admins
Enterprise Admins
Group Policy Creator Owners
Read-Only Domain Controllers
DnsUpdateProxy
Must I add "objectclass: posixAccount", "uid:...", "uidNumber:..." etc. entries for each account above?
And must I add "objectclass: posixGroup", "gidNumber: ..." etc. entries for each group above?
Which uid/gid numbers should I use?
Without "posixAccount" "uid" "uidNumber" etc. entries, the domain accounts are automatically already allied to a uid number that I can see with "getent passwd":
# getent passwd Guest
CHEZMOI\Guest:*:3000011:3000012::/home/CHEZMOI/Guest:/bin/false
uid=3000011 although I have made no change to the Guest account.
How does Samba choose these uid/gid numbers (e.g. 3000011/3000012), and how can I choose my uid/gid numbers so that there is never a conflict with the uid/gid chosen automatically by Samba?
Another problem: just after provision, the /usr/local/samba/var/locks/sysvol/ repository is already created with particular settings regarding the unix rights and the ACL (with particular uid/gid numbers). Must I change the (unix/acl) rights of this repository too?
> There's another thread
> here at the moment about how or how not to do that.
Where? I don't see it. Personally, I have never succeeded in getting "rfc2307" working, until now.
My purpose is to have the same uid/gid numbers between 2 samba4 servers.
--
François Lafont