[Samba] winbind: how to fix uid/SID mapping following migration to a new DC

Jean-Yves Avenard jyavenard at gmail.com
Wed Dec 7 18:49:01 MST 2011


On 7 December 2011 22:06, Jean-Yves Avenard <jyavenard at gmail.com> wrote:
> Is there a way to make it so the uid/SID are matched in such a way that a
> username keeps the same uid as before?
> For example, editing on the domain controller the ldap entries that
> contain the uid/SID map or something like that (just thinking out loud
> here)

Amending this troubleshooting.

Unix extension has been added to the Active Directory, and the
uidNumber for each user has been added in order to match the previous
uid as discovered by winbind.

smb.conf was amended as follows:
        winbind use default domain = Yes
        winbind enum users = No
        winbind enum groups = No
        winbind nested groups = Yes
        winbind refresh tickets = Yes
        winbind offline logon = Yes
        winbind nss info = rfc2307
        allow trusted domains = No

        idmap uid = 1000-1999999
        idmap gid = 1000-1999999
        idmap backend = ad
        idmap config ALLORATECH : backend = ad
        idmap config ALLORATECH : range = 1000-999999
        idmap config ALLORATECH : schema_mode = rfc2307

Looking at the winbind_ad module, it seems to me that should the nss
info and schema mode be set to rfc2307, it should use the uidNumber
entry for determining the uid of the user.

However, winbind still assigns the RID + 10000 for the user's uid...

Is there a way to tell winbind precisely which uid to use? What am I missing?
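
Added example, not part of the original message: a Python check over the idmap lines of the smb.conf above that reports any uidNumber outside the ALLORATECH range (idmap_ad discards IDs stored in AD that fall outside its configured range) and any overlap between the global and per-domain ranges. The function names and the uidNumber values for alice and bob are constructed for illustration.

```python
import re

# Constructed sample: the idmap lines of the smb.conf fragment quoted in the message.
SMB_CONF = """
    idmap uid = 1000-1999999
    idmap gid = 1000-1999999
    idmap backend = ad
    idmap config ALLORATECH : backend = ad
    idmap config ALLORATECH : range = 1000-999999
    idmap config ALLORATECH : schema_mode = rfc2307
"""

def parse_idmap(text):
    """Return {scope: {option: value}}; scope '*' holds the global idmap uid/gid/backend."""
    scopes = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        per_domain = re.match(r"idmap config\s+(\S+?)\s*:\s*(.+)$", key, re.I)
        if per_domain:
            scopes.setdefault(per_domain.group(1).upper(), {})[per_domain.group(2).lower()] = value
        elif key.lower() in ("idmap uid", "idmap gid", "idmap backend"):
            scopes.setdefault("*", {})[key.lower().split()[1]] = value
    return scopes

def to_range(value):
    """Parse 'low-high' (spaces allowed) into an (int, int) tuple."""
    match = re.fullmatch(r"\s*(\d+)\s*-\s*(\d+)\s*", value)
    if not match or int(match.group(1)) > int(match.group(2)):
        raise ValueError(f"bad idmap range: {value!r}")
    return int(match.group(1)), int(match.group(2))

def check_idmap(text, domain, uid_numbers):
    """List range overlaps and uidNumber values outside the domain's idmap range."""
    scopes = parse_idmap(text)
    low, high = to_range(scopes[domain.upper()]["range"])
    findings = []
    for kind in ("uid", "gid"):
        if kind in scopes.get("*", {}):
            d_low, d_high = to_range(scopes["*"][kind])
            if d_low <= high and low <= d_high:
                findings.append(f"global idmap {kind} {d_low}-{d_high} overlaps {domain} {low}-{high}")
    for user, uid in sorted(uid_numbers.items()):
        if not low <= uid <= high:
            findings.append(f"{user}: uidNumber {uid} outside {domain} range {low}-{high}")
    return findings

if __name__ == "__main__":
    # Constructed uidNumber values; real ones come from the AD user objects.
    for finding in check_idmap(SMB_CONF, "ALLORATECH", {"alice": 11105, "bob": 2000500}):
        print(finding)
```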

