[Samba] ADS Domain Member smb.conf using idmap_ad
TAKAHASHI Motonobu
monyo at monyo.com
Wed Nov 23 04:59:38 MST 2011
From: Freeman <flo at email.unc.edu>
Date: Tue, 22 Nov 2011 16:47:01 -0500
> Greetings samba community,
>
> I am running samba version: Version 3.5.11-79. fc14. Trying to join
> linux servers to the windows 2003 domain by running winbind and smb. I
> have configured the following smb.conf file which worked but can't seem
> to understand why the uid is different from the windows side when the
> windows side has already mapped some kind of uid to the sid.
(snip)
> By omitting this "idmap config AD : range = range values" from my
> configuration, I am able to gain access to this server, which joined the
> Windows domain, from another Linux machine. If I leave it uncommented in my
> configuration, I can't seem to log in to this machine.
(snip)
> [global]
> workgroup = ad
> password server = server1,server2,server3
> realm = myDomain.com
> security = ads
> allow trusted domains = no
> disable netbios = yes
>
> # this doesn't seem to work for some reason
> # i am trying to use idmap_ad
> # idmap backend = ad
> idmap backend = tdb
> idmap uid = 1000-5000000
> idmap gid = 1000-5000000
>
> idmap config AD : default = yes
> idmap config AD : cache time = 180
> idmap config AD : backend = ad
> # idmap config AD : range = 100001-200000
> idmap config AD : schema_mode = rfc2307
Have you already set values in "UNIX attributes" for every user you
want to "activate" under Winbind?
When "idmap backend = ad" is set, uid/gid and some other values are taken
from those in "UNIX attributes".
> If I log into this machine from another Linux box and run the
> command 'id', I get the uid of 1000. When I try to run this command
> wbinfo -n flo on the member server, I get some other number:
>
> [root@moe samba]# wbinfo -n flo
> S-1-5-21-344340502-4252695000-2390403120-1236058 SID_USER (1)
uid/gid has nothing to do with SID/RID.
If you want to keep some relationship between RID and uid, use
idmap_rid(8) instead.
---
TAKAHASHI Motonobu <monyo at samba.gr.jp>
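
Added example (not part of the original message): a Python sketch of the two mappings discussed above, using the formula documented in idmap_rid(8) (ID = RID - BASE_RID + LOW_RANGE_ID) and the range filter documented in idmap_ad(8). The SID and the ranges come from the thread; the uidNumber of 1000 stored in "UNIX attributes" and the wider range 100001-2000000 are assumptions made for illustration.

```python
# Added illustration, not Samba code. Mapping rules follow idmap_rid(8) and idmap_ad(8).

def parse_sid(sid):
    """Split 'S-1-5-21-...-RID' into (domain SID, RID)."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError(f"not a SID: {sid!r}")
    return "-".join(parts[:-1]), int(parts[-1])

def rid_to_uid(rid, low, high, base_rid=0):
    """idmap_rid: uid is computed from the RID; None if it lands outside the range."""
    uid = rid - base_rid + low
    return uid if low <= uid <= high else None

def ad_uid(uid_number, low, high):
    """idmap_ad: uidNumber from AD is used as-is, but the range acts as a filter."""
    if uid_number is None:          # user has no UNIX attributes set
        return None
    return uid_number if low <= uid_number <= high else None

# Values quoted in the thread
SID = "S-1-5-21-344340502-4252695000-2390403120-1236058"
AD_RANGE = (100001, 200000)         # the commented-out "idmap config AD : range"
WIDE_RANGE = (1000, 5000000)        # the "idmap uid" range from the same smb.conf
ASSUMED_UIDNUMBER = 1000            # assumption: value set in "UNIX attributes"

def report():
    _, rid = parse_sid(SID)
    return {
        "rid": rid,
        # idmap_ad: uidNumber 1000 is below 100001, so the mapping is discarded
        "ad_narrow_range": ad_uid(ASSUMED_UIDNUMBER, *AD_RANGE),
        "ad_wide_range": ad_uid(ASSUMED_UIDNUMBER, *WIDE_RANGE),
        "ad_no_unix_attrs": ad_uid(None, *WIDE_RANGE),
        # idmap_rid: 1236058 + 100001 overshoots a 100001-200000 range
        "rid_narrow_range": rid_to_uid(rid, *AD_RANGE),
        "rid_wide_range": rid_to_uid(rid, 100001, 2000000),  # assumed wider range
    }

if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name:18} {value}")
```

A result of None means winbind would have no uid for the user under that configuration, so the range has to cover every uidNumber (idmap_ad) or every RID plus the low bound (idmap_rid) that is expected to log in.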