[Samba] RFC2307, AD, and Samba 3.6
Nick Triantos
nick at triantos.com
Thu Aug 9 15:11:00 MDT 2012
Hi all,
I'm still struggling with getting Samba 3.6 to use the uids and gids from my Active Directory 2008 R2 setup. I can see the users, I just can't get their UIDs mapped onto my Linux machine.
I've configured AD to use its "services for unix" feature, and through that, I got a "Unix Attributes" tab where I could enter fields like uid, home dir, shell, and primary GID.
My few questions:
1. Am I supposed to configure Samba to use rfc2307, or sfu?
2. As you can see in my config, below, I've configured an idmap range for the AD domain. It seems to be ignored, and instead, my users get placed in the wildcard domain's idmap range.
3. I found some advice (don't remember where) to try to delete these files when I change this part of my config:
/var/run/samba/gencache*
/var/cache/samba/winbindd_cache.tdb
/var/lib/samba/winbindd_idmap.tdb
Any thoughts about the need/value to delete these temp files are appreciated.
4. Finally, does anyone have suggestions of other things I can try?
Thanks very much.
best,
-Nick
[global] (from my smb.conf)
workgroup = CORP
server string = %h server (Samba, Ubuntu)
security = ADS
realm = CORP.xxx.COM
allow trusted domains = yes
winbind use default domain = yes
winbind nested groups = YES
winbind nested groups = YES
winbind enum groups = yes
winbind enum users = yes
winbind nss info = rfc2307
winbind refresh tickets = yes
idmap config CORP : backend = ad
idmap config CORP : schema_mode = rfc2307
#idmap config CORP : range = 1000 - 99999
idmap config * : default = yes
#idmap config * : backend = tdb
#idmap config * : range = 100000 - 199999
idmap config * : range = 900 - 1999
encrypt passwords = true
obey pam restrictions = yes
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = true
restrict anonymous = 2
When I perform an ldapsearch against my server, I see these attributes, among others:
msSFU30Name: nick
msSFU30NisDomain: corp
uidNumber: 1001
gidNumber: 1000
unixHomeDirectory: /home/nick
loginShell: /bin/bash
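
Added example, not part of the original post and not Samba code: a small lint over the idmap lines of an smb.conf like the one posted above. It checks that the AD domain has an active (uncommented) range, that this range does not overlap the `*` range, and that the uidNumber/gidNumber stored in AD fall inside it, following the smb.conf man page rule that every configured domain needs its own range and that ranges must be disjoint. The function names and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: the idmap lines from the smb.conf in the post above.
SAMPLE_CONF = """\
[global]
idmap config CORP : backend = ad
idmap config CORP : schema_mode = rfc2307
#idmap config CORP : range = 1000 - 99999
idmap config * : default = yes
#idmap config * : backend = tdb
idmap config * : range = 900 - 1999
"""

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*(\S+)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {option: value}} for active (uncommented) idmap lines."""
    domains = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue  # commented-out settings have no effect
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom.upper(), {})[opt.lower()] = val
    return domains

def id_range(opts):
    """Parse 'low - high' into a (low, high) tuple, or None if no range is set."""
    m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", opts.get("range", ""))
    return (int(m.group(1)), int(m.group(2))) if m else None

def check(conf_text, domain, ids):
    """List findings for one domain and the uidNumber/gidNumber values held in AD."""
    domains = parse_idmap(conf_text)
    findings = []
    rng = id_range(domains.get(domain.upper(), {}))
    default = id_range(domains.get("*", {}))
    if rng is None:
        findings.append(f"{domain}: no active range line")
    elif default and rng[0] <= default[1] and default[0] <= rng[1]:
        findings.append(f"{domain}: range overlaps the '*' range")
    for name, value in ids.items():
        if rng and not rng[0] <= value <= rng[1]:
            findings.append(f"{name}={value} is outside the {domain} range")
        if default and default[0] <= value <= default[1]:
            findings.append(f"{name}={value} falls inside the '*' range {default}")
    return findings
```

Calling `check(SAMPLE_CONF, "CORP", {"uidNumber": 1001, "gidNumber": 1000})` uses the values from the ldapsearch output above and returns one finding per problem; an empty list means the ranges are consistent with the IDs in AD.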