[Samba] how to join to AD ?

Diego Zuccato diego.zuccato at unibo.it
Mon Dec 7 01:03:44 MST 2009


mistofeles wrote:

> There are these lines in smb.conf and I have found no good information about
> them:
>  idmap uid = 10000-2000000  
>  idmap gid = 5000-2000000  
> 
>  idmap config MY_DOMAIN:range = 1000 - 300000000
If you want to avoid trouble, keep the values coherent. In a 
single domain, if you don't need a consistent mapping of the users 
across different clients (for example to have multiple clients access an 
NFS server) you can keep the range quite limited. If you need consistent 
mapping, you can use the RID backend -- but you'll have to use a wide range 
to avoid collisions.

> It seems that the users get their local UID / GUID as 10000 / 5000 or above
> as set in 'idmap uid' and 'idmap gid'.
> 
> What is the meaning of this  'idmap config MY_DOMAIN:range' and how should I
> set it ?
The same as idmap uid. Or just remove that line.

> I have a right to join a PC to our domain. Before I could do that, I had to
> adduser myself in my server with the username I have in the domain. After
> that 'kinit' and 'net ads join' work.
Try using
kinit user.name@FULL.UPPERCASE.REALM

After that, you'll use "net ads join -U user.name"

> BTW: is krb5 necessary for the authentication ?
pam_krb5 is not -- winbind handles it. But it needs krb5 client libs.

-- 
Diego Zuccato
Servizi Informatici
Dip. di Astronomia - Università di Bologna
Via Ranzani, 1 - 40126 Bologna - Italy
tel.: +39 051 20 95786
mail: diego.zuccato at unibo.it
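
An added example, not part of the original message: a Python check that reads the idmap ranges from smb.conf text, reports the ones that differ from `idmap uid`, and applies the idmap_rid arithmetic to show why the RID backend needs a wide range. Reading "coherent" as "identical to idmap uid" is an assumption based on the reply above; the function names and sample RIDs are constructed.

```python
import re

# Constructed sample: the three settings quoted in the thread.
SAMPLE_CONF = """\
[global]
   idmap uid = 10000-2000000
   idmap gid = 5000-2000000
   idmap config MY_DOMAIN:range = 1000 - 300000000
"""

RANGE_RE = re.compile(
    r"^\s*(idmap uid|idmap gid|idmap config\s+(\S+?)\s*:\s*range)"
    r"\s*=\s*(\d+)\s*-\s*(\d+)\s*$",
    re.IGNORECASE | re.MULTILINE,
)

def parse_ranges(conf_text):
    """Return {setting: (low, high)} for every idmap range in smb.conf text."""
    ranges = {}
    for m in RANGE_RE.finditer(conf_text):
        key = f"domain:{m.group(2)}" if m.group(2) else m.group(1).lower()
        ranges[key] = (int(m.group(3)), int(m.group(4)))
    return ranges

def incoherent(ranges):
    """Settings whose range differs from 'idmap uid' (assumed meaning of 'coherent')."""
    ref = ranges.get("idmap uid")
    return sorted(k for k, v in ranges.items() if ref is not None and v != ref)

def rid_to_unix_id(rid, low, high, base_rid=0):
    """idmap_rid arithmetic: ID = RID - BASE_RID + LOW; None when it falls outside the range."""
    unix_id = rid - base_rid + low
    return unix_id if low <= unix_id <= high else None

if __name__ == "__main__":
    found = parse_ranges(SAMPLE_CONF)
    for name in incoherent(found):
        print(f"{name} = {found[name]} differs from idmap uid = {found['idmap uid']}")
    low, high = found["idmap uid"]
    for rid in (1105, 2500000):  # constructed RIDs
        print(f"RID {rid} -> {rid_to_unix_id(rid, low, high)}")
```

A RID that maps to `None` has no slot in the configured range, which is the case a wide range avoids.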

