[Samba] Linux, Windows AD domain, and IDs

Jason Gerfen u0368839 at umail.utah.edu
Tue Dec 7 07:17:30 MST 2010

You should read up on the following smb.conf directives:
idmap uid
idmap gid
idmap domains
idmap config [domain]:backend
idmap config [domain]:default
idmap config [domain]:schema_mode
idmap config [domain]:range

Might be able to solve you problems.

On 12/06/10 22:27, Scott Ehrlich wrote:
> I have a Windows 200x AD Server and have a Linux box as a client
> connected to the Windows domain having modified the native Kerberos,
> smb.conf, and other files (not using Likewise).
> It logs in to the domain fine and everything is happy.
> There are NO local accounts in /etc/passwd except for the defaults out
> of the box.   Authentication relies on the accounts of the Windows
> server.
> I have no authority on the server except to add or remove computers.
> Login accounts take the form, for example, initials and a number: se123456
> I want my uid to reflect 123456.
> I spent about an hour or two playing with various configurations and
> options of idmap and winbind.   Along the way, some testing revealed:
> getent passwd my_ad_account returned almost all appropriate values,
> but the uid and gid were both 10000, clearly not correct.
> wbinfo -n my_ad_account returned my correct sid (I think that was the
> wbinfo syntax used.  In any event, whatever syntax I used for me
> returned the correct sid.
> So we know the system can see me - I just need the uid to be accurate.
> As an update, I need the uid to return the numeric portion of my
> ad_account username, so if I am se123456, I need the uid to return
> 123456, thus getent passwd would show se123456:x:123456:blah....
> Thanks.
> Scott


More information about the samba mailing list