idmap_ad group id mapping.
Nimrod Sapir
NIMRODS at il.ibm.com
Wed Jul 11 10:46:33 MDT 2012
Hi
When using id mapping with SFU for domain users, I've noticed that Samba
tries to map the SID of the group defined as "primary group" for that user
to a GID. However, there is no guarantee that this group has a gid
defined, and if it does not, the mapping fails and the user cannot access
the share.
However, in Active directory with SFU extension there is also the "primary
group name/GID" field which always contains a GID or a group name with GID
defined, and must be defined for a user which has UID in the scheme. So, I
guess that there should be a way to use this field instead of the "primary
group" field in the "member of" tab.
I believe there is also an open samba bug detailing the same problem:
https://bugzilla.samba.org/show_bug.cgi?id=8694
Is that an expected behavior? Is this a configuration issue? open bug?
I am using Samba build 3.6.0-GIT-5b1b65c-devel. The relevant entries in
my smb.conf file are:
security = ads
realm = SMBTEST.XIV.COM
winbind enum users = no
winbind enum groups = no
winbind use default domain = no
idmap config * : range = 100000-200000
idmap config * : backend = tdb
idmap config SMBTEST:backend = ad
idmap config SMBTEST:schema mode = rfc2307
idmap config SMBTEST:range = 200000 - 300000
Thanks!
Nimrod Sapir
IBM - XIV, Israel
NAS Development Team
Office: +972-3-689-7763
Cell: +972-54-7726-320
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 1338 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20120711/b0739bc9/attachment.gif>
More information about the samba-technical
mailing list