[Samba] Samba4 member of an another « Samba4 » domain

François Lafont flafdivers at free.fr
Sat Apr 13 17:37:37 MDT 2013


Hello,

On 13/04/2013 20:24, steve wrote:

> You still have to add the objects. Yourself!

Ok, if I understand, after a provision of a domain with samba-tool and the "--use-rfc2307" option, samba4 can support posixaccount etc. in its database, but I have to add the object class and the mandatory attributes myself.

But, after this:

-------------------------------------------
samba-tool domain provision --realm=CHEZMOI.PRIV --domain=CHEZMOI \
    --server-role=dc --dns-backend=SAMBA_INTERNAL --adminpass='+toto123' \
    --use-rfc2307

ln -s /usr/local/samba/lib/libnss_winbind.so /lib/libnss_winbind.so
ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2

# I add winbind to nsswitch.conf
sed -i -r -e 's/^(passwd:.*)$/\1 winbind/g' -e 's/^(group:.*)$/\1 winbind/g' /etc/nsswitch.conf

samba
-------------------------------------------

I have a few users and groups which are already created:

# wbinfo -u
Administrator
Guest
krbtgt

# wbinfo -g
Enterprise Read-Only Domain Controllers
Domain Admins
Domain Users
Domain Guests
Domain Computers
Domain Controllers
Schema Admins
Enterprise Admins
Group Policy Creator Owners
Read-Only Domain Controllers
DnsUpdateProxy

Must I add "objectclass: posixAccount", "uid:...", "uidNumber:..." etc. entries for each account above?
And must I add "objectclass: posixGroup", "gidNumber: ..." etc. entries for each group above?

Which uid/gid numbers should I use?

Without "posixAccount", "uid", "uidNumber" etc. entries, the domain accounts are already automatically associated with a uid number that I can see with "getent passwd":

# getent passwd Guest
CHEZMOI\Guest:*:3000011:3000012::/home/CHEZMOI/Guest:/bin/false

uid=3000011, although I have made no change to the Guest account.

How does Samba choose these uid/gid numbers (e.g. 3000011/3000012), and how can I choose my uid/gid numbers so that there is never a conflict with the uid/gid chosen automatically by Samba?

Another problem: just after provision, the /usr/local/samba/var/locks/sysvol/ repository is already created with particular settings regarding the unix rights and the ACL (with particular uid/gid numbers). Must I change the (unix/ACL) rights of this repository too?

> There's another thread
> here at the moment about how or how not to do that.

Where? I don't see it. Personally, I have never succeeded in getting "rfc2307" working, until now.
My purpose is to have the same uid/gid numbers between 2 samba4 servers.

-- 
François Lafont

