[Samba] Winbind backend = ldap pull uid-number and gid-number ldap values ?
Rowland Penny
rowlandpenny at googlemail.com
Thu Dec 5 04:16:40 MST 2013
On 04/12/13 22:42, Werthmuller, Derek wrote:
> There are no local system uid or gid numbers less than 500 on this system so it will be fine.
> Removed the space as suggested. idmap config DOM : range = 500-2000
>
> Any other suggestions to get this working?
OK, let's try plan B
yum install sssd
authconfig --enablesssd --enablesssdauth --enablelocauthorize --update
Edit /etc/sssd/sssd.conf to look similar to this:

[sssd]
config_file_version = 2
services = nss, pam
domains = default

[nss]
filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd

[pam]

[domain/default]
cache_credentials = True
enumerate = false
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
access_provider = ldap
krb5_server = DC1.example.com
krb5_kpasswd = DC1.example.com
krb5_realm = EXAMPLE.COM
ldap_referrals = false
ldap_schema = rfc2307bis
ldap_access_order = expire
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = true
ldap_user_object_class = user
ldap_user_name = sAMAccountName
ldap_user_home_directory = unixHomeDirectory
ldap_user_principal = userPrincipalName
ldap_sasl_mech = GSSAPI
ldap_sasl_authid = DC1$@EXAMPLE.COM
ldap_krb5_init_creds = true

Change the passwd and group sections of /etc/nsswitch.conf to be "files sss".
service sssd restart
Edit the nscd conf file (/etc/nscd.conf I believe) and set passwd & groups cache to no
Remove these lines from smb.conf:
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> idmap_ldb : use rfc2307 = yes
> idmap config DOM : range = 500 - 2000 # range winbind has authority over to set.
> idmap config DOM : backend = ad
> idmap config * : range = 1000000-1999999 # range for entries if winbind can't find proper #
> idmap config * : backend = tdb
>
Restart Samba
Getent should now show both local and domain users & groups.
Rowland
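
The steps in the message above can be checked afterwards with a short script. This is an added example, not part of the original post: the function names are made up for illustration, and the sssd.conf mode check (sssd requires 0600) is an addition the message does not mention.

```shell
#!/bin/sh
# Added example: checks for the state the steps above should leave behind.
# Paths are arguments so the checks can be run on copies of the files.

# 0 if the given database (passwd/group) lists "files" and then "sss"
nss_uses_sss() {   # args: nsswitch.conf db
    awk -v db="$2:" '
        $1 == db { for (i = 2; i <= NF; i++) {
                       if ($i == "files") f = 1
                       if ($i == "sss" && f) ok = 1 } }
        END { exit (ok ? 0 : 1) }' "$1"
}

# 0 if the last uncommented "enable-cache <db>" line in nscd.conf says "no"
nscd_cache_off() {   # args: nscd.conf db
    awk -v db="$2" '
        $1 == "enable-cache" && $2 == db { v = $3 }
        END { exit (v == "no" ? 0 : 1) }' "$1"
}

# Print uncommented smb.conf lines of the kinds the message says to remove
smb_leftovers() {   # args: smb.conf
    grep -Ei '^[[:space:]]*(winbind (enum (users|groups)|use default domain)|idmap_ldb[[:space:]]*:|idmap config )' "$1" || true
}

# Assumption, not from the message: sssd only accepts a 0600 sssd.conf
conf_mode_ok() {   # args: sssd.conf
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# Print each failed check; the return status is the number of failures
verify_sssd_switch() {   # args: nsswitch.conf nscd.conf smb.conf sssd.conf
    fails=0
    for db in passwd group; do
        nss_uses_sss "$1" "$db" || { echo "nsswitch: $db lacks 'files sss'"; fails=$((fails + 1)); }
        nscd_cache_off "$2" "$db" || { echo "nscd: $db cache still enabled"; fails=$((fails + 1)); }
    done
    [ -z "$(smb_leftovers "$3")" ] || { echo "smb.conf: winbind/idmap lines remain"; fails=$((fails + 1)); }
    conf_mode_ok "$4" || { echo "sssd.conf: mode is not 0600"; fails=$((fails + 1)); }
    return "$fails"
}

# Usage: sh check.sh NSSWITCH_CONF NSCD_CONF SMB_CONF SSSD_CONF
if [ "$#" -eq 4 ]; then verify_sssd_switch "$@"; fi
```

A clean result still needs the final getent check from the message, since the script only inspects the files and does not query sssd.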