[Samba] Winbind & user ID's on multiple servers
TAKAHASHI Motonobu
monyo at monyo.com
Wed Mar 9 16:16:53 MST 2011
2011/3/10 Javier Conti <javier.conti at gmail.com>:
> On 9 March 2011 20:13, Mike Auleta <michael_auleta at condenast.com> wrote:
>> We're looking at setting up Linux Authentication to our AD servers using
>> winbind and need to know if there is a way to keep all the user IDs in
>> sync across the Linux servers. The way I see it now, the user ID is
>> assigned numerically depending on the order users log in to a server.
>> Could make for issues if NFS mounted directories are involved.
>
> Hi, I'm using AD 2008 R2 as PDC, and have been successful using the
> following configuration in /etc/samba/smb.conf on the client:
>
> [global]
(snip)
> idmap backend = ad
> idmap config MYDOMAIN : backend = ad
> idmap config MYDOMAIN : range = 10000 - 20000
> idmap config MYDOMAIN : schema_mode = rfc2307
> winbind nss info = rfc2307
>
> Since this configuration uses the Posix attributes found in the
> rfc2307 schema, I have the uidNumber attribute of users and the
> gidNumber attribute of groups populated with the IDs used in Unix (and
> in the range between 10000 and 20000).
"idmap backend" should be a "writeable" backend such as tdb or ldap.
Anyway, to synclonize UID, you can also use "rid" or "ldap" instead of "ad".
If you simply want to sync UIDs, "rid" is a better choice, I think.
For example:
idmap config DOMAIN:range = 1000000 - 1999999
idmap config DOMAIN:base_rid = 0
idmap config DOMAIN:backend = rid
Please refer to manpages in the detail.
---
TAKAHASHI Motonobu <monyo at monyo.com>
More information about the samba
mailing list