[Samba] Mapping Attributes While Using Winbind?

TAKAHASHI Motonobu monyo at monyo.com
Fri Sep 9 19:43:44 MDT 2011

From: "Wojtak, Greg" <GregWojtak at quickenloans.com>
Date: Fri, 9 Sep 2011 14:47:53 +0000

> I'm working on testing out using winbind in our environment for user
> info and authentication.  Our 2K8 R2 AD DS set up has all of the
> rfc2307 attributes populated for objects that need to appear on the
> Unix machines and everything is working splendidly.  One thing I'd
> like to know is, we have some instances where users' AD accounts are
> not the same as their unix id's (matching them up at this point is
> not an option).  Is there a way to tell winbind to look at the uid
> attribute in AD rather than the sAMAccountName for a Unix user name?

Try using idmap_id(8) and "winbind nssinfo = rfc2307".
The detailed syntax is pretty different between Samba versions.

Here is a sample suitable for Samba 3.3.0 - Samba 3.5.X:

  idmap config YOURDOMAIN:backend = ad
  idmap config YOURDOMAIN:schema_mode = rfc2307
  idmap config YOURDOMAIN:range = xxxxx-xxxxx
  winbind nss info = rfc2307

then, these attributes are retrieved from AD: uid, gid, shell,

If you are not satisfied, then as you said:

> If not, I can simply use the LDAP interface into AD for those
> systems, but I'd like to try and keep everything consistent, if
> possible.

configure nss_ldap to retrieve information from AD, and

TAKAHASHI Motonobu <monyo at samba.gr.jp>
