[Samba] winbind: uid range is ignored

steve steve at steve-ss.com
Sat Aug 4 05:40:12 MDT 2012


On 04/08/12 13:21, NdK wrote:
> On 04/08/2012 12:00, steve wrote:
>
>>> You have many ways to obtain that "same mapping" objective. I chose to
>>> use rid 'cause I couldn't modify my AD schema. But the preferred way is
>>> extend AD schema and specify there the UIDs and GIDs.
>> You don't have to extend the schema. You can store all the rfc2307
>> attributes and objects (posixAccount, posixGroup, uidNumber, gidNumber...)
>> in the m$ schema that ships with S4.
> Too bad my AD controllers are M$ W2k3, w/o rfc2307 extension :( That's
> why I'm stuck with rid.
>

Hi Diego.

Ah I see. I didn't mean to offend. I simply assumed you were using 
Samba4. I think m$ gave them the 2008 schema as a result of a court 
case. That _does_ have rfc2307.

With your and Geza's help I think I'm finally getting somewhere.

>> My aim is to have:
>> idmap config : MYDOMAIN : backend = ad
>> and
>> idmap config : MYDOMAIN : range = abc-def
>>
>> recognised and with the uidNumber and gidNumber attributes being pulled
>> from AD rather than any other mapping. To this end I have a test user
>> object with:
>> objectClass: posixAccount
>> uidNumber: xyz
>> gidNumber: abc
>>
>> and a test group object:
>>
>> objectClass: posixGroup
>> gidNumber: abc
>>
>> I assume that with the ad backend both the user and group will come from
>> AD and not idmap.
> Well, idmap queries its backend for the mapping.
>
>> Just waiting for the test lan to install and compile a totally new
>> openSUSE 12.1 with Samba4 and a vBox openSUSE client, also fresh install.
>>
>> How am I doing?
> Should work at the first try.

Really need this one. I have to compare winbind with nss-ldapd to do 
this stuff. Have the latter going fine.

> But someone else that already used S4 and
> AD backend can confirm for sure. :)
>
Hope so. There must be someone else out there.

Cheers,
Steve