[Samba] ADS Domain Member smb.conf using idmap_ad
TAKAHASHI Motonobu
monyo at monyo.com
Sun Dec 11 06:20:08 MST 2011
From: Freeman <flo at email.unc.edu>
Date: Wed, 23 Nov 2011 10:37:05 -0500
> On 11/23/2011 08:44 AM, TAKAHASHI Motonobu wrote:
> > From: Freeman<flo at email.unc.edu>
> > Date: Wed, 23 Nov 2011 08:17:55 -0500
> >
> >>> Have you already set values into "UNIX attributes" for every user you
> >>> want to "activate" under Winbind?
> >> I believed on the windows side, the windows admin had already mapped the
> >> unix user uid/gid to the windows domain via some windows/unix converter
> >> tool.
> > You need to confirm what was done, I think.
> The unix IDs which were mapped to the windows domain on the server 2008
> RC 2 are all from central campus user ID, not the user ID local to me
> where I have set up a small NIS service for the 25 people I support.
> > If you keep current uid/gids maintained by NIS, you should use
> > idmap_ad(8). If not, idmap_rid(8) is easy to configure.
> >
> Thank you again for explaining to me the difference. I am about 99%
> certain I would have to go with idmap_ad since the uid/gid from
> groups/passwd files are manually added into campus's windows active
> directory.

If you want to use the UID/GID maintained on the UNIX side (/etc/passwd, NIS,
LDAP, ...), you should use idmap_nss instead of idmap_ad and ask the
Windows admin to stop the "windows/unix converter tool". Then the UID/GID
maintained on the UNIX side will be used.

If you still want to use idmap_ad, you must not explicitly create
those users maintained by Winbind. They should be automatically
created by Winbind.

> My apologies, I am lacking skills in the understanding of windows
> domain. Campus is running 2008 RC2 server. So, rfc2307 will work for me
> instead of sfu?

Anyway, you have to know what was done on the Windows side. If you do not
want to bother the Windows admin, using idmap_nss is better.
---
TAKAHASHI Motonobu<monyo at samba.gr.jp>
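
The two choices discussed in this thread, side by side, as an added smb.conf fragment (not part of the original posts). EXAMPLE, EXAMPLE.COM and the ID ranges are placeholder assumptions; the `idmap config` syntax is that documented in idmap_ad(8) and idmap_nss(8) for Samba 3.6.

```ini
[global]
   security  = ads
   realm     = EXAMPLE.COM        ; placeholder AD realm
   workgroup = EXAMPLE            ; placeholder NetBIOS domain name

   ; Default backend for BUILTIN and any domain not configured below.
   ; Its range must not overlap the range of any other domain, or two
   ; different accounts can end up owning the same files.
   idmap config * : backend = tdb
   idmap config * : range   = 100000-199999

   ; --- Option A: idmap_ad -------------------------------------------
   ; UID/GID are read from the "UNIX attributes" stored in Active
   ; Directory. The backend is read-only: an account with no UNIX
   ; attributes, or with an ID outside the range, gets no mapping.
   ; schema_mode must match the attributes the Windows admin actually
   ; populated (sfu, sfu20 or rfc2307), so confirm that first.
   idmap config EXAMPLE : backend     = ad
   idmap config EXAMPLE : schema_mode = rfc2307
   idmap config EXAMPLE : range       = 1000-99999

   ; --- Option B: idmap_nss ------------------------------------------
   ; UID/GID come from the UNIX side (/etc/passwd, NIS, LDAP, ...) by
   ; looking the account name up through NSS. Nothing has to be stored
   ; in Active Directory. Use this INSTEAD of Option A, not with it.
;  idmap config EXAMPLE : backend = nss
;  idmap config EXAMPLE : range   = 1000-99999
```

After editing, `testparm` checks the syntax, and comparing `wbinfo -i <user>` with `getent passwd <user>` for a few accounts shows whether Winbind and NIS agree on the UID before file ownership depends on it.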