[Samba] two domain members, different groupIDs
Stefan G. Weichinger
lists at xunil.at
Thu Jun 22 10:56:25 UTC 2017
Am 2017-06-22 um 10:44 schrieb Rowland Penny via samba:
>> Can I fix that without breaking things?
>
> If your users have files stored on the domain members, probably not.
I understand that this just creates the need to run some
chown/chgrp-commands after correcting smb.conf and restarting samba?
> Your 'idmap config' block on ALL Unix domain members needs to be
> something like this:
>
> idmap config * : backend = tdb
> idmap config *:range = 2000-9999
> idmap config domain : backend = rid
> idmap config domain : range = 10000-99999
I am never sure how to specify $domain in the 2nd two settings here.
In this case the Domain is called ABC.XYZ and for example:
# net ads info | grep Realm
ABC.XYZ
and in smb.conf
workgroup = XYZ
realm =ABC.XYZ
and in krb5.conf
default_realm = ABX.XYZ
so is it ->
idmap config XYZ : backend = rid
or
idmap config ABC.XYZ : backend = rid
?
> Your samba versions are not new enough to use 'idmap config
> mydomain:schema_mode = rfc2307' and you wouldn't use it with the 'rid'
> backend.
Yes. I just try to stay at the versions the stable repos give me ...
> This is deprecated: 'idmap config domain : base_rid = 0' because '0' is
> the default.
ok
> If you use something like the above on all Unix domain members, you
> will always get the same IDs because the 'rid' backend calculates the
> ID from the RID.
looking forward to correct that, thanks!
More information about the samba
mailing list