[Samba] RFC2307, AD, and Samba 3.6

Nick Triantos nick at triantos.com
Thu Aug 9 15:11:00 MDT 2012


Hi all,

I'm still struggling with getting Samba 3.6 to use the uids and gids from my Active Directory 2008 R2 setup. I can see the users, I just can't get their UIDs mapped onto my Linux machine.

I've configured AD to use its "services for unix" feature, and through that, I got a "Unix Attributes" tab where I could enter fields like uid, home dir, shell, and primary GID.

My few questions:

1. Am I supposed to configure Samba to use rfc2307, or sfu?
2. As you can see in my config, below, I've configured an idmap range for the AD domain. It seems to be ignored, and instead, my users get placed in the wildcard domain's idmap range.
3. I found some advice (don't remember where) to try to delete these files when I change this part of my config:
       /var/run/samba/gencache*
       /var/cache/samba/winbindd_cache.tdb
       /var/lib/samba/winbindd_idmap.tdb
   Any thoughts about the need/value to delete these temp files is appreciated.
4. Finally, does anyone have suggestions of other things I can try?

Thanks very much.

best,
-Nick

[global]   (from my smb.conf)
   workgroup = CORP
   server string = %h server (Samba, Ubuntu)

   security = ADS
   realm = CORP.xxx.COM
   allow trusted domains = yes
   winbind use default domain = yes
   winbind nested groups = YES
   winbind nested groups = YES
   winbind enum groups = yes
   winbind enum users = yes
   winbind nss info = rfc2307
   winbind refresh tickets = yes
   idmap config CORP : backend = ad
   idmap config CORP : schema_mode = rfc2307
   #idmap config CORP : range = 1000 - 99999
   idmap config * : default = yes
   #idmap config * : backend = tdb
   #idmap config * : range = 100000 - 199999
   idmap config * : range = 900 - 1999

   encrypt passwords = true

   obey pam restrictions = yes
   client use spnego = yes
   client ntlmv2 auth = yes
   encrypt passwords = true
   restrict anonymous = 2

When I perform an ldapsearch against my server, I see these attributes, among others:

msSFU30Name: nick
msSFU30NisDomain: corp
uidNumber: 1001
gidNumber: 1000
unixHomeDirectory: /home/nick
loginShell: /bin/bash
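An added check, not code from the post or from the Samba project: a small Python linter for the idmap part of the [global] section above. It parses the active `idmap config DOMAIN : key = value` lines, reports a domain whose backend has no range (the idmap_ad manual page describes the range as a filter on the uidNumber/gidNumber values stored in AD, so the ad backend needs one), reports ranges that overlap, and tells you whether a given AD uidNumber (1001 from the ldapsearch output) would fall inside its domain's range. The second config, with the CORP range line uncommented, is a variant constructed here for comparison.

```python
"""Lint the idmap lines of an smb.conf [global] section (added example).

Checks: every idmap domain has a range, no two ranges overlap, and a given
AD-stored uidNumber falls inside its domain's range.
"""
import re
from collections import defaultdict

# [global] excerpt from the post; the CORP range line is commented out there.
SMB_CONF = """
[global]
   workgroup = CORP
   security = ADS
   winbind nss info = rfc2307
   idmap config CORP : backend = ad
   idmap config CORP : schema_mode = rfc2307
   #idmap config CORP : range = 1000 - 99999
   idmap config * : default = yes
   #idmap config * : backend = tdb
   #idmap config * : range = 100000 - 199999
   idmap config * : range = 900 - 1999
"""

# Constructed variant: same excerpt with the CORP range line active.
SMB_CONF_WITH_RANGE = SMB_CONF.replace(
    "#idmap config CORP : range", "idmap config CORP : range")

IDMAP_RE = re.compile(
    r"^\s*idmap config\s+(\S+)\s*:\s*([A-Za-z_]+)\s*=\s*(.+?)\s*$")


def parse_idmap(conf):
    """Return {DOMAIN: {key: value}} for uncommented idmap config lines."""
    domains = defaultdict(dict)
    for line in conf.splitlines():
        stripped = line.strip()
        if not stripped or stripped[0] in "#;":   # smb.conf comment styles
            continue
        m = IDMAP_RE.match(line)
        if m:
            dom, key, val = m.groups()
            domains[dom.upper()][key.lower()] = val
    return dict(domains)


def parse_range(text):
    """'900 - 1999' -> (900, 1999); reject malformed or inverted ranges."""
    parts = [p.strip() for p in text.split("-")]
    if len(parts) != 2:
        raise ValueError(f"bad range {text!r}")
    lo, hi = int(parts[0]), int(parts[1])
    if lo > hi:
        raise ValueError(f"inverted range {text!r}")
    return lo, hi


def lint(conf):
    """Return a list of (domain, message) findings for the idmap setup."""
    findings = []
    ranges = {}
    for dom, opts in sorted(parse_idmap(conf).items()):
        # The '*' domain falls back to tdb when no backend is given.
        backend = opts.get("backend", "tdb" if dom == "*" else None)
        if backend is None:
            findings.append((dom, "no backend configured"))
        if "range" not in opts:
            findings.append((dom, f"backend {backend} has no range; the ad "
                                  "backend filters AD-stored IDs by range, "
                                  "so none will map"))
        else:
            ranges[dom] = parse_range(opts["range"])
    names = sorted(ranges)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            lo_a, hi_a = ranges[a]
            lo_b, hi_b = ranges[b]
            if lo_a <= hi_b and lo_b <= hi_a:   # closed intervals intersect
                findings.append((f"{a}/{b}",
                                 f"ranges {lo_a}-{hi_a} and {lo_b}-{hi_b} overlap"))
    return findings


def uid_mappable(conf, domain, uid):
    """True if uid lies inside the configured range of the given domain."""
    opts = parse_idmap(conf).get(domain.upper(), {})
    if "range" not in opts:
        return False
    lo, hi = parse_range(opts["range"])
    return lo <= uid <= hi


if __name__ == "__main__":
    for label, conf in (("as posted", SMB_CONF), ("with range", SMB_CONF_WITH_RANGE)):
        print(f"--- {label} ---")
        for dom, msg in lint(conf):
            print(f"{dom}: {msg}")
        print("uidNumber 1001 mappable in CORP:", uid_mappable(conf, "CORP", 1001))
```

Run against the config as posted it flags only CORP (no range); with the range line active it instead flags that the wildcard range 900-1999 overlaps CORP's 1000-99999, which is the other thing to look at before reading the uidNumber from AD into the CORP range.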


