[Samba] bad home path from AD

Rowland Penny rpenny at samba.org
Sat Mar 30 08:19:21 UTC 2024


On Thu, 28 Mar 2024 17:00:48 +0100 (CET)
Arnaud Bougeard via samba <samba at lists.samba.org> wrote:

> Thanks Rowland for your answer.
> 
> I passed the idmap config UR parameter: unix_nss_info to yes and it
> works.
> 
> I work in university with a large number of users.
> The RIDs which I understand like the last digits of the SID are from
> 1000 to 300000 and uid from the LDAP are from 500 to 29009894.
> 
> So I don't really know what to do with it?
> 
> I modify idmap to:
>    idmap config * : backend = tdb
>    idmap config * : range = 16777216-33554431
>    idmap config UR : backend = ad
>    idmap config UR : range = 1000-350000
>    idmap config UR : unix_nss_info = yes
> Is it good?
> 

You ignore the 'ldap', Samba will not 'talk' to it.

You are running Samba with 'security = ADS' and it is a member of the
'UR' NetBIOS domain. This means that 'winbind' will look for and use
the AD DCs in the 'UR' domain, it will not look for or use any other
ldap.

You may have a problem here, AD uses the ldap ports '389', '636',
'3268' and '3269', ldap by default also uses '389' and '636'. You
cannot have two programs using the same ports.

I think you have a couple of options here:
1) Move everything that is in ldap to AD and then turn the ldap off.
2) Move the ldap to another machine and then somehow sync the users
(including passwords) & groups to AD.

Rowland
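
An added example, not part of the thread or of Samba's code: a small check of the quoted idmap ranges. It relies on the documented idmap_ad behaviour that the range filters the uidNumber/gidNumber values stored in AD, and it assumes the accounts in AD would carry the same uid values the poster quotes for the LDAP. The function names are hypothetical.

```python
import re

# Matches smb.conf lines such as "idmap config UR : range = 1000-350000"
RANGE_RE = re.compile(
    r"^\s*idmap\s+config\s+(\S+)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.I)

def parse_idmap_ranges(conf_text):
    """Return {domain: (low, high)} for every 'idmap config X : range' line."""
    ranges = {}
    for line in conf_text.splitlines():
        m = RANGE_RE.match(line)
        if m:
            ranges[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return ranges

def overlapping_domains(ranges):
    """Return sorted pairs of domains whose ID ranges intersect."""
    names = sorted(ranges)
    return [
        (a, b)
        for i, a in enumerate(names)
        for b in names[i + 1:]
        if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]
    ]

def classify_id(ranges, domain, unix_id):
    """Say where a uidNumber/gidNumber stored in AD for `domain` would land."""
    low, high = ranges[domain]
    if low <= unix_id <= high:
        return "mapped"
    for other, (olow, ohigh) in ranges.items():
        if other != domain and olow <= unix_id <= ohigh:
            return "ignored, collides with range of " + other
    return "ignored, outside range of " + domain

# The configuration quoted in the thread.
SMB_CONF = """
   idmap config * : backend = tdb
   idmap config * : range = 16777216-33554431
   idmap config UR : backend = ad
   idmap config UR : range = 1000-350000
   idmap config UR : unix_nss_info = yes
"""

if __name__ == "__main__":
    ranges = parse_idmap_ranges(SMB_CONF)
    print("overlaps:", overlapping_domains(ranges))
    for uid in (500, 1000, 350000, 29009894):  # endpoints taken from the thread
        print(uid, "->", classify_id(ranges, "UR", uid))
```
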


