[Samba] samba4 DC, internal winbind_server: external idmap problem
rowlandpenny at googlemail.com
Sat Dec 7 08:34:41 MST 2013
On 07/12/13 13:57, Andy Igoshin wrote:
> I run Samba 4.1.2 in DC mode. A Win7 client is joined to this domain.
> Now I am trying to configure an external idmap.
> I would like it to use our existing LDAP server:
> idmap config DOM : backend = rfc2307
> idmap config DOM : range = 1110000-1119999
> idmap config DOM : ldap_server = stand-alone
> idmap config DOM : ldap_url = ldap://ldap.domain.ru
> idmap config DOM : ldap_user_dn = uid=ldapmaster,cn=ldap.domain.ru
> idmap config DOM : bind_path_user = cn=dom.domain.ru
> idmap config DOM : bind_path_group = cn=dom.domain.ru
> idmap config DOM : cache time = 1800
> winbind nss info = rfc2307
> I created a user 'test2' in the Samba DC.
> In ldap.domain.ru there is the user uid=test2,cn=dom.domain.ru with
> these attributes:
> uidNumber = 1113535
> gidNumber = 1113535
> objectSid = S-1-5-21-1982177496-2241683161-2840224108-1106 (I got it
> from the Samba DC)
> When I run wbinfo to get the user's info, I expect it to go to
> ldap.domain.ru, but that does not happen. It looks like wbinfo
> returns values from the internal automatic idmap.
> # wbinfo -S S-1-5-21-1982177496-2241683161-2840224108-1106
> # wbinfo -U 1113535
> Do I misunderstand something?
Yes, quite a lot.
> Is it possible to use idmap in such a mode?
No, there is no 'idmap config DOM : backend = rfc2307', for instance, and
I have never heard of anybody trying what you are suggesting.
You want to use AD but get the users' info from an LDAP server; I do not
think this will ever work.
I would suggest that you start here: