[Samba] idmap_ad - GID
Aiko Barz
aiko at deepco.de
Thu Jun 26 16:05:38 GMT 2008
On Thu, Jun 26, 2008 at 09:25:41AM -0400, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Aiko Barz wrote:
> > Hi,
> >
> > what is the GID of an Active Directory user?
> >
> > a) Is it the GID, you can see within the Active Directory UNIX Tab?
>
> Set "winbind nss info = {sfu,rfc2307}" depending on your supported
> schema
idmap domains = DOMAIN
idmap config DOMAIN:backend = ad
idmap config DOMAIN:default = yes
idmap config DOMAIN:range = 0-1000000 ; I know, it's a bad thing
idmap config DOMAIN:schema_mode = rfc2307
winbind enum users = Yes
winbind cache time = 86400
winbind enum groups = Yes
winbind nss info = rfc2307
;winbind trusted domains only = yes
;winbind nested groups = yes
winbind use default domain = Yes
; winbind normalize names = yes
> > b) Is it the GID of the primary windows group?
>
> This is the default behavior.
How do I switch this behavior? Sometimes "getent passwd $USER" and
"getent passwd | grep $USER" are showing different GIDs. (nscd is not
installed.)
Removing the GID from primary windows group does not seem to be an option,
because of this hard dependency here:
https://bugzilla.samba.org/show_bug.cgi?id=3546
So long,
Aiko
--
:wq ✉
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.samba.org/archive/samba/attachments/20080626/fa12e06c/attachment.bin
More information about the samba
mailing list