[Samba] Winbind backend = ldap pull uid-number and gid-number ldap values ?
dwerthmu at ctg.albany.edu
Wed Dec 4 12:02:17 MST 2013
Got part of it working, seems the gidnumber is not being pulled properly through. Here is the member server smb.conf
Note idmap config DOM : range = 500 - 2000 is the number space where all my uidnumbers and gidnumbers are.
Currently a getent passwd retrieves the list of users and displays the proper uid, but the gidnumber is in the outer range.
Username:*:500:100::/exports/users/%U:/bin/bash <- this is not correct group # - it should be 500
I wonder if I need to clear a windbind cache? Net cache flush the correct way to do this on the member server?
An ldapsearch of the ad directory to verify that the proper uid and gid are stored for that user reveals that they are.
workgroup = DOM
realm = DOM.EXAMPLE.COM
server string = Samba Server Version %v
security = ADS
log file = /var/log/samba/log.%m
max log size = 50
template homedir = /exports/users/%U
template shell = /bin/bash
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
idmap_ldb : use rfc2307 = yes
idmap config DOM : range = 500 - 2000 # range winbind has authority over to set.
idmap config DOM : backend = ad
idmap config * : range = 1000000-1999999 # range for entries if winbind can't find proper #
idmap config * : backend = tdb
cups options = raw
From: Rowland Penny [mailto:rowlandpenny at googlemail.com]
Sent: Tuesday, December 03, 2013 4:30 PM
To: Werthmuller, Derek; samba at lists.samba.org
Subject: Re: [Samba] Winbind backend = ldap pull uid-number and gid-number ldap values ?
On 03/12/13 21:07, Werthmuller, Derek wrote:
> If I use sudo samba-tool user add <username> --uid-number=5000 and manually ad the gid-number via ldapadd to the Samba AD, does the winbind backend=ldap make use of those values? Or does it just use LDAP to retrieve the sAMAccountName and primaryGroupID ?
> Derek Werthmuller
> Director of Technology Innovation and Services Center for Technology
> in Government
Hi, you can use samba-tool to add the gidNumber in the same way as adding the uidNumber, but I think that you are mixing up gidNumber and primaryGroupID, they are separate things. gidNumber being the users Linux group and primaryGroupID being the users primary window group.
Winbind can be setup to extract the values that you require, but the backend would be ADS i.e.
idmap config WORKGROUP:backend = ad
I think it might help if you posted what version of samba 4 you are using, what version of samba you want to connect to the AD and the relevant conf files you think you should be using, then we can try to get you up and running.
More information about the samba