[Samba] id mapping

L.P.H. van Belle belle at bazuin.nl
Mon Feb 20 12:31:57 UTC 2017


Hai, 

Your ADDC and member setup is incorrect. 

ADDC => https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC 
https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD
( hint: remove all : idmap config lines ) 


Member => 
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
(hint: add the lines removed from the AD. ) 

And this is always wrong, so correct it. 
> 	idmap config SAMDOM:range = 1001-999999
> 	idmap config * : range = 3000-7999
These overlap, which is not allowed.

After the change, run: net cache flush
Restart samba and winbind 

File server settings: 
https://wiki.samba.org/index.php/Samba_File_Serving 

and also very helpful
https://wiki.samba.org/index.php/User_Documentation 



Greetz, 

Louis


> -----Original Message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of basti via samba
> Sent: Monday 20 February 2017 13:07
> To: samba at lists.samba.org
> Subject: [Samba] id mapping
> 
> Hello,
> I have installed Samba AD.
> On the AD the config looks like
> 
> # Global parameters
> [global]
> 	netbios name = DC1
> 	realm = SAMDOM.EXAMPLE.COM
> 	server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> 	workgroup = SAMDOM
> 	server role = active directory domain controller
> 	idmap_ldb:use rfc2307 = yes
> 
> 	# Default idmap config for local BUILTIN accounts and groups
> 	idmap config * : backend = tdb
> 	idmap config * : range = 3000-7999
> 
> 	# idmap config for the KES domain
> 	idmap config SAMDOM:backend = ad
> 	idmap config SAMDOM:schema_mode = rfc2307
> 	idmap config SAMDOM:range = 1001-999999
> 
> [netlogon]
> 	path = /var/lib/samba/sysvol/kes.carlmarie.de/scripts
> 	read only = No
> 
> [sysvol]
> 	path = /var/lib/samba/sysvol
> 	read only = No
> 
> when I use "getent passwd someuser" it returns a valid entry
> SAMDOM\someuser:*:7072:513:someuser:/home/SAMDOM/someuser:/bin/false
> 
> On a domain member the smb.conf looks like
> 
>        security = ADS
>        workgroup = SAMDOM
>        realm = SAMDOM.EXAMPLE.COM
> 
>        log file = /var/log/samba/%m.log
>        log level = 3
> 
>        # idmap config for the KES domain
>        idmap config KES:backend = ad
>        idmap config KES:schema_mode = rfc2307
>        idmap config KES:range = 4000-999999
> 
>         winbind enum users = yes
>         winbind enum groups = yes
>         template homedir = /home/%D/%U
> 
>         template shell = /bin/bash
>         client use spnego = yes
>         client ntlmv2 auth = yes
>         encrypt passwords = yes
>         winbind use default domain = yes
>         restrict anonymous = 2
> 
> and "getent passwd someuser" returns a different entry
> 
> someuser:*:7072:4294967295:someuser:/home/SAMDOM/someuser:/bin/bash
> 
> after "net cache flush" I get
> 
> someuser:*:4294967295:4294967295:someuser:/home/SAMDOM/someuser:/bin/bash
> 
> I read the samba config again and again but I do not understand the
> problem above. I have imported the users from the NT4 domain and all my users
> start at uid 3000 and have a gid of 513 (Domain Users).
> 
> How can I map the gid 513 to AD? I can't chown all the files on all
> fileservers in my domain.
> What's wrong there?
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
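The overlap Louis points out (the default `*` range 3000-7999 sitting inside the SAMDOM range 1001-999999) and the member's missing `idmap config *` lines are both easy to catch before restarting winbind. The following is an added example, not code from the thread or from the Samba project: a small Python checker that pulls the `idmap config` lines out of an smb.conf, verifies that every domain has a backend and a range, that a `*` default domain exists, and that no two ranges overlap. The three embedded configs are constructed from the excerpts in the thread; the "corrected member" values (SAMDOM moved to 10000-999999) are my own assumption of one non-overlapping layout, not something the reply prescribes. The 4294967295 seen in basti's output is (uint32)-1, the value winbind returns when it cannot map a SID to an ID, which is what an unmappable or mis-ranged SID produces.

```python
import re
from itertools import combinations

# Matches "idmap config SAMDOM:range = 1001-999999" as well as
# "idmap config * : range = 3000-7999" (spaces around ':' are optional).
IDMAP_RE = re.compile(
    r"^\s*idmap\s+config\s+(?P<domain>[^:\s]+)\s*:\s*(?P<option>\w+)\s*=\s*(?P<value>.+?)\s*$",
    re.IGNORECASE,
)


def parse_idmap_config(smb_conf: str) -> dict:
    """Return {DOMAIN: {option: value}} for every 'idmap config' line in the text."""
    result = {}
    for line in smb_conf.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith(("#", ";")):
            continue  # skip blank lines and comments
        m = IDMAP_RE.match(line)
        if not m:
            continue  # not an idmap config line (e.g. idmap_ldb:use rfc2307)
        domain = m.group("domain").upper()  # Samba treats domain names case-insensitively
        result.setdefault(domain, {})[m.group("option").lower()] = m.group("value")
    return result


def parse_range(value: str):
    """Turn 'LOW-HIGH' into an (int, int) tuple, rejecting reversed ranges."""
    lo, hi = (int(x) for x in value.split("-", 1))
    if lo > hi:
        raise ValueError(f"invalid idmap range {value!r}")
    return lo, hi


def check_idmap(smb_conf: str) -> list:
    """Return a list of problems found in the idmap configuration; [] means it looks sane."""
    problems = []
    cfg = parse_idmap_config(smb_conf)
    ranges = {}
    for domain, opts in cfg.items():
        if "backend" not in opts:
            problems.append(f"{domain}: no backend configured")
        if "range" not in opts:
            problems.append(f"{domain}: no range configured")
            continue
        try:
            ranges[domain] = parse_range(opts["range"])
        except ValueError as exc:
            problems.append(f"{domain}: {exc}")
    if "*" not in cfg:
        problems.append("no 'idmap config *' default domain (needed for BUILTIN and unknown SIDs)")
    # Two closed intervals [a,b] and [c,d] overlap when a <= d and c <= b.
    for (d1, r1), (d2, r2) in combinations(sorted(ranges.items()), 2):
        if r1[0] <= r2[1] and r2[0] <= r1[1]:
            problems.append(f"{d1} {r1[0]}-{r1[1]} overlaps {d2} {r2[0]}-{r2[1]}")
    return problems


# Constructed from the DC config quoted in the thread: the '*' range lies inside SAMDOM's.
DC_AS_POSTED = """
[global]
	idmap_ldb:use rfc2307 = yes
	idmap config * : backend = tdb
	idmap config * : range = 3000-7999
	idmap config SAMDOM:backend = ad
	idmap config SAMDOM:schema_mode = rfc2307
	idmap config SAMDOM:range = 1001-999999
"""

# Constructed from the member config quoted in the thread: no '*' default domain at all.
MEMBER_AS_POSTED = """
       security = ADS
       workgroup = SAMDOM
       idmap config KES:backend = ad
       idmap config KES:schema_mode = rfc2307
       idmap config KES:range = 4000-999999
"""

# Assumed corrected member config: '*' lines present and ranges disjoint (values are my choice).
MEMBER_CORRECTED = """
       security = ADS
       workgroup = SAMDOM
       idmap config * : backend = tdb
       idmap config * : range = 3000-7999
       idmap config SAMDOM:backend = ad
       idmap config SAMDOM:schema_mode = rfc2307
       idmap config SAMDOM:range = 10000-999999
"""

if __name__ == "__main__":
    for name, conf in (("DC as posted", DC_AS_POSTED),
                       ("member as posted", MEMBER_AS_POSTED),
                       ("member corrected", MEMBER_CORRECTED)):
        print(f"{name}: {check_idmap(conf) or 'OK'}")
```

Run it against a real file with `check_idmap(open('/etc/samba/smb.conf').read())`; an empty list is the result you want before `net cache flush` and the winbind restart. The checker only reads the idmap lines, so it says nothing about whether the `ad` backend can actually find uidNumber/gidNumber attributes in the directory; that is what the RFC2307 wiki page linked in the reply covers.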
