SUSE Linux 11.2 LDAP to AD
ddiss at suse.de
Wed Jul 10 10:34:33 MDT 2013
On Wed, 10 Jul 2013 16:04:10 +0000
"Pavetto, David" <david.pavetto at hp.com> wrote:
> I work for HP as an engineer/architect.
> I have been working on a project that needs or wants LDAP from a SUSE Linux 11.2 to point to AD 2012. Authentication and automount work well, but we are having an issue passing the UID and GID from AD to the Linux servers. Every time I log in I get a UID over 10000, the same with the UID.
> What I need is for the GID and UID to match what is in AD.
> I am using Samba for authentication.
> Is there a file that states this, besides the samba.conf file?
> Has anyone come across this before, and is there a fix for it?
It's difficult to provide a solution without seeing more configuration
details. I'll assume that you're using winbind for AD authentication and
When configured via YaST, Samba uses the idmap_tdb idmap backend. This
backend does not take into account the rfc2307 UID and GID attributes
defined in AD; instead, it allocates these values to corresponding Windows
SIDs within the configured idmap range on a first-come first-served basis.
idmap_ad can instead be configured to pull these values from AD. See the
idmap_ad man page for details.
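
An illustrative smb.conf fragment for the backend switch described above, added here as an example and not taken from the original thread. The domain name EXAMPLE, the realm and both ID ranges are assumptions; check the option names against the idmap_ad man page for the installed Samba version.

```ini
[global]
    security = ads
    # Assumed NetBIOS domain name and Kerberos realm (placeholders).
    workgroup = EXAMPLE
    realm = EXAMPLE.COM

    # Default domain (BUILTIN and anything not configured below):
    # allocating backend, IDs handed out first-come first-served
    # from this range, so they differ from host to host.
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999

    # AD domain: read the rfc2307 uidNumber/gidNumber attributes
    # stored in AD instead of allocating local values.
    idmap config EXAMPLE : backend = ad
    idmap config EXAMPLE : schema_mode = rfc2307
    # Assumed range. It must not overlap the default range above and
    # must cover every uidNumber/gidNumber assigned in AD; accounts
    # with IDs outside it, or with no rfc2307 attributes, are not mapped.
    idmap config EXAMPLE : range = 10000-999999
```

Mappings already allocated by the tdb backend can remain cached after the change, so flush the winbind cache (`net cache flush`) and restart winbind, then compare `wbinfo -i <user>` or `getent passwd <user>` against the attributes stored in AD.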