[Samba] IDMAP question
Mike Leone
turgon at mike-leone.com
Wed Apr 7 13:38:38 MDT 2010
I have a Samba 3.4.0 server (from Ubuntu 9.04), as a member server in my
Win2003 AD (which has MS Services for Unix 3.5 installed). All seems
well, in that it is properly joined to my AD, and I've got it all
configured so that domain members can log into the Linux servers using
their domain credentials.

Here's my config:

# WINBIND
# idmap domains = DACRIB
idmap config DACRIB: default = true
idmap uid = 10000-20000
idmap gid = 10000-20000
idmap config DACRIB:schema_mode = rfc2307

2 questions:

1. I had to comment out "idmap domains = DACRIB", as it said it was an
unknown parameter. Isn't that the proper format to list the AD domain
for idmapping?
2. If I understand it correctly, is "idmap config DACRIB:RID=10000-20000"
equivalent to what I have above? Would that give me any capabilities
that my "default = true" does not give me? (I'd have to change "passdb
backend = tdbsam" to .. what?)

smb.conf follows:

[global]
workgroup = DACRIB
realm = DACRIB.LOCAL
server string = %h server (Samba %v, Domain: %D, Server: %L -%R)
security = ADS
map to guest = Bad User
client use spnego = true
client ntlmv2 auth = yes
# PAM AUTH
encrypt passwords = Yes
obey pam restrictions = Yes
pam password change = true
password server = dim-win2300.DaCrib.local
passdb backend = tdbsam
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
log level = 1
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
preferred master = No
domain master = No
local master = No
os level = 2
; browse list = Yes
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
# WINBIND
# idmap domains = DACRIB
idmap config DACRIB: default = true
idmap uid = 10000-20000
idmap gid = 10000-20000
idmap config DACRIB:schema_mode = rfc2307
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = No
winbind nested groups = Yes
winbind refresh tickets = true
winbind nss info = rfc2307
winbind separator = +
template homedir = /home/%D/%u
template shell = /bin/bash
invalid users = root
create mask = 0700
directory mask = 0775
writable = Yes
enable privileges = Yes
restrict anonymous = 2
wide links = no
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
[OldHome]
comment = The Old Home Folder
read only = No
path = /OldHome