SUSE Linix 11.2 LDAP to AD
david.pavetto at hp.com
Thu Jul 11 08:59:24 MDT 2013
I did use the Yast to set this up and yes we are using winbind, since I did use yast to set this up initially, so is there anything I need to do to remove idmap_tdb or will this just be completed within the samba.conf file, Just asking, want to understand going forward since we have a ton of servers to install and just want to script this out
Thanks for your patients
From: David Disseldorp [mailto:ddiss at suse.de]
Sent: Wednesday, July 10, 2013 12:35 PM
To: Pavetto, David
Cc: samba-technical at lists.samba.org; Slaga, Joseph; Crawford, Vicki; Janssen, Brenda; Sogge, Jane; Spellman, Ron
Subject: Re: SUSE Linix 11.2 LDAP to AD
On Wed, 10 Jul 2013 16:04:10 +0000
"Pavetto, David" <david.pavetto at hp.com> wrote:
> I work for HP as a engineer/architect
> I have been working on a project that needs or wants LDAP from a SUSE Linux 11.2 to point to AD 2012. Authentication and automount works well, but we are having an issue passing the UID and GID from AD to the Linux serves. Every time I login I get a UID over 10000 the same with the UID.
> What I need is for the GID and UID to match what is AD.
> I am using Samba for authentication
> Is there a file that states this, beside the samba.conf file
> Has anyone come across this before and is there a fix for it.
It's difficult to provide a solution without seeing more configuration
details. I'll assume that you're using winbind for AD authentication and
When configured via YaST, Samba uses the idmap_tdb idmap backend. This
backend does not take into account the rfc2307 UID and GID attributes
defined in AD, instead it allocates these values to corresponding Windows
SIDs within the configured idmap range on a first-come first-served basis.
idmap_ad can instead be configured to pull these values from AD. See the
idmap_ad man page for details.
More information about the samba-technical