[Samba] security = ads parameter not working in samba 4.9.5
Rowland penny
rpenny at samba.org
Wed Nov 27 15:51:21 UTC 2019
On 27/11/2019 15:30, Sérgio Basto wrote:
> On Wed, 2019-11-27 at 12:29 +0000, Rowland penny via samba wrote:
>> On 27/11/2019 11:03, Sérgio Basto via samba wrote:
>>> Sorry I meant man idmap_ad. But checking again man is equal to
>>> https://wiki.samba.org/index.php/Idmap_config_ad in EXAMPLES of man
>>> page [1]
>>>
>>> Examples don't mention netbios name ... I did [2] which instead use
>>> workgroup I used netbios name and it is working but still don't know
>>> why or even if it is correct.
>> You do not need to set 'netbios name', it will be set for you from the
>> hostname
>>>
>>> [2]
>>> [global]
>>> netbios name = REPO
>>> security = ADS
>>> workgroup = SAMDOM
>>> realm = SAMDOM.EXAMPLE.COM
>>>
>>> winbind use default domain = yes
>>>
>>> idmap config * : backend = tdb
>>> idmap config * : range = 1000000-1999999
>>>
>>> idmap config REPO : backend = ad
>>> idmap config REPO : schema_mode = rfc2307
>>> idmap config REPO : range = 10000-999999
>>> idmap config REPO : unix_nss_info = yes
>> You need to use the workgroup name, not the netbios name. There will be
>> three domains on your Unix domain member:
>>
>> BUILTIN : Mostly used for the Well Known SIDs
>>
>> SAMDOM : Your AD domain
>>
>> REPO : a local domain and not really relevant
>
> Hi, many thanks for the reply and it started to work but I had to use realm
>
> security = ADS
> workgroup = SAMDOM
> realm = SAMDOM.LOCAL
> idmap config * : backend = tdb
> idmap config * : range = 1000000-1999999
>
> idmap config SAMDOM.LOCAL : backend = ad
> idmap config SAMDOM.LOCAL : schema_mode = rfc2307
> idmap config SAMDOM.LOCAL : range = 10000-999999
> idmap config SAMDOM.LOCAL : unix_nss_info = yes
You have something mis-configured somewhere, it MUST be workgroup, not
realm.
Please download this:
https://github.com/thctlo/samba4/blob/master/samba-collect-debug-info.sh
Run it on the Unix domain member and paste the output into a post, do not
attach it, this list strips attachments.
Rowland
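
An added example, not part of the original thread and not Samba project code: a small check that reads smb.conf text and flags any `idmap config <NAME>` block whose name is not `*` or the `workgroup` value, which is the rule stated in the reply above. The function names `parse_global` and `check_idmap` are hypothetical, the sample input is constructed from the configuration quoted as [2], and the parser assumes a file that contains only a `[global]` section.

```python
import re

# Constructed input: the [global] section quoted as [2] in the thread,
# where the idmap domain is the netbios name REPO instead of the workgroup.
SAMPLE = """\
[global]
netbios name = REPO
security = ADS
workgroup = SAMDOM
realm = SAMDOM.EXAMPLE.COM
idmap config * : backend = tdb
idmap config * : range = 1000000-1999999
idmap config REPO : backend = ad
idmap config REPO : schema_mode = rfc2307
idmap config REPO : range = 10000-999999
"""

IDMAP_KEY = re.compile(r"idmap config\s+(\S+)\s*:\s*(\S+)$", re.I)

def parse_global(text):
    """Split smb.conf text into plain parameters and per-domain idmap options."""
    params, idmap = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue  # blank line, comment, section header or junk
        key, value = (part.strip() for part in line.split("=", 1))
        match = IDMAP_KEY.match(key)
        if match:
            idmap.setdefault(match.group(1).upper(), {})[match.group(2).lower()] = value
        else:
            # Normalise spacing and case so names can be compared directly.
            params[" ".join(key.lower().split())] = value.upper()
    return params, idmap

def check_idmap(text):
    """Return findings for idmap domain names that are not '*' or the workgroup."""
    params, idmap = parse_global(text)
    workgroup = params.get("workgroup", "")
    findings = []
    for domain in idmap:
        if domain not in ("*", workgroup):
            kind = {params.get("realm"): "realm",
                    params.get("netbios name"): "netbios name"}.get(domain, "unknown name")
            findings.append(f"idmap config {domain}: {kind}, expected workgroup {workgroup}")
    if workgroup not in idmap:
        findings.append(f"no idmap config for workgroup {workgroup}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_idmap(SAMPLE)) or "idmap domain names match the workgroup")
```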