[Samba] Re: Enabling 'idmap backend = ad' for user auth

Rex Dieter rdieter at math.unl.edu
Fri Feb 3 13:21:43 GMT 2006


McGlorfin wrote:
> I'm using Samba 3.0.21a on Fedora Core 3 to authenticate against an AD 
> domain. The box running AD is Win2k3 R2, so AD has the RFC2207 schema 
> extensions applied.

Really?  I thought installing SFU on the domain controller is/was still 
required, no?  (What's R2?)

> I'm pretty sure there's an error in my smb.conf. (What else could it 
> be?) Here are the relevant entries from the global section:
>         workgroup = MYDOMAIN
>         realm = MYDOMAIN.LOCAL
>         security = ADS
>         idmap backend = ad
>         idmap uid = 300000-30000000
>         idmap gid = 300000-30000000
...
>         winbind nss info = template, sfu
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Not absolutely sure, but docs I've seen say to set this to
winbind nss info = sfu
Not sure what the template bit is used for.



More information about the samba mailing list