[Samba] how to join to AD ?
Diego Zuccato
diego.zuccato at unibo.it
Mon Dec 7 01:03:44 MST 2009
mistofeles wrote:
> There is these lines in smb.conf and I have found no good information about
> them:
> idmap uid = 10000-2000000
> idmap gid = 5000-2000000
>
> idmap config MY_DOMAIN:range = 1000 - 300000000
If you want to avoid troubles, keep the values coherent. In a
single-domain, if you don't need a consistent mapping of the users
across different clients (for example to have multiple clients access a
NFS server) you can keep the range quite limited. If you need consistent
mapping, you can use RID backend -- but you'll have to use a wide range
to avoid collisions.
> It seems that the users get their local UID / GUID as 10000 / 5000 or above
> as set in 'idmap uid' and 'idmap gid'.
>
> What is the meaning of this 'idmap config MY_DOMAIN:range' and how should I
> set it ?
The same as idmap uid. Or just remove that line.
> I have a right to join a PC to our domain. Before I could do that, I had to
> adduser myself in my server with the username I have in the domain. After
> that 'kinit' and 'net ads join' work.
Try using
kinit user.name at FULL.UPPERCASE.REALM
After that, you'll use "net ads join -U user.name"
> BTW: is krb5 necessary for the authentication ?
pam_krb5 is not -- winbind handles it. But it needs krb5 client libs.
--
Diego Zuccato
Servizi Informatici
Dip. di Astronomia - Università di Bologna
Via Ranzani, 1 - 40126 Bologna - Italy
tel.: +39 051 20 95786
mail: diego.zuccato at unibo.it
More information about the samba
mailing list