[Samba] Failing to get uids from AD
Jonathan Buzzard
jonathan at buzzard.me.uk
Mon Jul 16 02:57:05 MDT 2012
On 14/07/12 17:50, Nick Triantos wrote:
> Hi,
>
> I'm still having trouble getting Samba 3.6.3 / Winbind to fetch UIDs from AD 2008 R2 with the Services for Unix feature installed. My users have uidNumber fields which contain the UIDs I want. I'm on Ubuntu 12.04
>
> The global part of my smb.conf. I've tried changing 'winbind nss info' and 'schema_mode' to sfu as well.
>
> security = ADS
> realm = CORP.mycompany.COM
> allow trusted domains = yes
> winbind use default domain = yes
> winbind nested groups = YES
> winbind enum groups = yes
> winbind enum users = yes
> winbind nss info = rfc2307
> winbind refresh tickets = yes
> idmap config CORP : backend = ad
> idmap config CORP : schema_mode = rfc2307
> #idmap config * : backend = tdb
> idmap config * : default = yes
> idmap config * : range = 900 - 99999
>
There is no range here for the ad backend. From what I have determined
empirically is that you need to specify ranges for both that don't
overlap. That said this is now covered in the manual page, but it is
vitally important and it won't work properly without it. What I do is
specify a small range really high up well out of the way of anything
being allocated in the AD for the tdb backend.
JAB.
--
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.
More information about the samba
mailing list