[Samba] samba4 DC, internal winbind_server: external idmap problem

Rowland Penny rowlandpenny at googlemail.com
Sat Dec 7 08:34:41 MST 2013


On 07/12/13 13:57, Andy Igoshin wrote:
> Hi!
>
>
> I run samba 4.1.2 in DC mode. Win7 client joined to this domain
> successfully.
>
> Now I try to configure external idmap.
> I would like it to use our existing ldap server:
>
> idmap config DOM : backend = rfc2307
> idmap config DOM : range = 1110000-1119999
> idmap config DOM : ldap_server = stand-alone
> idmap config DOM : ldap_url = ldap://ldap.domain.ru
> idmap config DOM : ldap_user_dn = uid=ldapmaster,cn=ldap.domain.ru
> idmap config DOM : bind_path_user = cn=dom.domain.ru
> idmap config DOM : bind_path_group = cn=dom.domain.ru
> idmap config DOM : cache time = 1800
> winbind nss info = rfc2307
>
>
> I created a user 'test2' in samba DC.
> In ldap.domain.ru there is the user uid=test2,cn=dom.domain.ru with
> such attributes:
> uidNumber = 1113535
> gidNumber = 1113535
> objectSid = S-1-5-21-1982177496-2241683161-2840224108-1106 (I got it
> from samba DC)
>
> When I run wbinfo to get user's info I expect it to go to
> ldap.domain.ru. But it does not happen. It looks like wbinfo
> returns values from internal automatic idmap.
>
> # wbinfo -S S-1-5-21-1982177496-2241683161-2840224108-1106
> 3000019
> # wbinfo -U 1113535
> S-1-22-1-1113535
>
> Do I misunderstand something?
Yes, quite a lot.
> Is it possible to use idmap in such mode?
No, there is no 'idmap config DOM : backend = rfc2307' for instance, and
I have never heard of anybody trying what you are suggesting.

You want to use AD but get the users' info from an LDAP server; I do not
think this will ever work.

I would suggest that you start here: 
https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO

Rowland
>
>
>
> Regards,
>
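
A diagnostic for the symptom described in this thread, as an added example that is not part of either message or of Samba itself: it reads the `idmap config ... : range` lines and classifies the two `wbinfo` results quoted above. The function names are hypothetical and the sample input is constructed from the values in the thread; `S-1-22-1-` is the prefix Samba uses for synthetic "Unix User" SIDs, returned when a uid has no domain mapping.

```python
import re

# Constructed sample input: idmap lines copied from the quoted smb.conf above.
SMB_CONF = """\
idmap config DOM : backend = rfc2307
idmap config DOM : range = 1110000-1119999
"""

UNIX_USER_SID_PREFIX = "S-1-22-1-"  # Samba's synthetic "Unix User" SIDs
RANGE_RE = re.compile(
    r"^\s*idmap config\s+(\S+)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.I
)


def idmap_ranges(conf_text):
    """Return {domain: (low, high)} for every 'idmap config X : range' line."""
    ranges = {}
    for line in conf_text.splitlines():
        m = RANGE_RE.match(line)
        if m:
            ranges[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return ranges


def check_sid_to_uid(ranges, domain, uid):
    """Classify the uid printed by 'wbinfo -S <sid>' against the domain's range."""
    low, high = ranges[domain]
    return "in-range" if low <= uid <= high else "outside-range"


def check_uid_to_sid(sid, uid):
    """Classify the SID printed by 'wbinfo -U <uid>'."""
    if sid == f"{UNIX_USER_SID_PREFIX}{uid}":
        return "unmapped-unix-user"  # no domain account is mapped to this uid
    if sid.startswith("S-1-5-21-"):
        return "domain-sid"
    return "other"


if __name__ == "__main__":
    ranges = idmap_ranges(SMB_CONF)
    # The two results quoted in the thread.
    print("wbinfo -S ->", check_sid_to_uid(ranges, "DOM", 3000019))
    print("wbinfo -U ->", check_uid_to_sid("S-1-22-1-1113535", 1113535))
```

Both results from the thread are flagged (`outside-range` and `unmapped-unix-user`), which matches the poster's observation that the configured backend is not being consulted.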


