[Samba] ldap idmap backend
Vladimir Vassiliev
vova at edu.yar.ru
Thu Mar 17 08:25:07 MDT 2011
17.03.2011 17:12, Bruce Richardson пишет:
> On Thu, Mar 17, 2011 at 05:06:03PM +0300, Vladimir Vassiliev wrote:
>>> Why have you created a local computer domain, out of interest?
>>
>> I didn't do it, Samba did. Really I dunno how to "add" extra domain to Samba.
>> How can I delete this domain?
>
> Something did it. Was this machine a domain controller before it was
> joined to the CORP domain? Can you show us the idmap-related section of
> your samba config?
>
>
This happens with every host I join to domain, i.e. every host tries to create its own <SID-HOST>-513.
Whole smb.conf of newly installed host
[global]
workgroup = CORP
security = ADS
realm = CORP.EDU.YAR.RU
encrypt passwords = yes
load printers = no
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
idmap uid = 1000-30000
idmap gid = 1000-30000
idmap backend = ldap
winbind offline logon = yes
idmap backend = ldap:ldaps://<ldap host>/
ldap admin dn = cn=admin,dc=corp,dc=edu,dc=yar,dc=ru
ldap suffix = dc=corp,dc=edu,dc=yar,dc=ru
ldap idmap suffix = ou=idmap
ldap ssl = off
--
Vladimir Vassiliev
More information about the samba
mailing list