[Samba] [INTERNET] Re: Samba 4 DC - idmap config on a samba 4 member server

BOTZ Franck (Informaticien) - DDT 67/SG/MGI/CI franck.botz at bas-rhin.gouv.fr
Thu Feb 21 04:32:18 MST 2013 

Hello

I test your solution but if "getent" return all users and groups (AD + 
local), all have the same UID/GID. Strange ...

This morning I commented idmap config DDCS67:range = 500-40000 and it 
works !! ADs users/groups

    idmap config *:backend = tdb
    idmap config *:range = 70000-79999
    idmap config DDCS67:backend = ad
    idmap config DDCS67:schema_mode = rfc2307
    #idmap config DDCS67:range = 500-40000

    winbind nss info = rfc2307
    winbind trusted domains only = no
    winbind use default domain = Yes
    winbind enum users  = yes
    winbind enum groups = yes

user1:*:70001:70001:user1l:/data/individuel/DDCS67/user1:/bin/false
user2:*:70002:70001:user2:/data/individuel/DDCS67/user2:/bin/false
user3:*:70011:70001:user3:/data/individuel/DDCS67/user3:/bin/false
administrator:*:70003:70001:Administrator:/data/individuel/DDCS67/administrator:/bin/false
user4:*:70004:70001:user4:/data/individuel/DDCS67/user4:/bin/false
user5:*:70005:70001:user5:/data/individuel/DDCS67/user5:/bin/false

It's good but I don't understand why

Franck


Le 21/02/2013 08:21, "> Hervé Hénoch (par Internet)" a écrit :
> Hello Franck
>
> I had the same problem. When I removed "config" in the two lines, 
> getent group worked.
>
> idmap config *:backend = tdb
> idmap config *:range = 70001-80000
>
> For the role of idmap you can read : 
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html
>
> Regards
>
> Le 20/02/2013 21:39, BOTZ Franck (Informaticien) - DDT 67/SG/MGI/CI a 
> écrit :
>> Without idmap line, it work too.
>>
>> [global]
>>
>> workgroup = DDCS
>> security = ADS
>> realm = DDCS.LOCAL
>> encrypt passwords = yes
>>
>> # idmap config *:backend = tdb
>> # idmap config *:range = 70001-80000
>> # idmap config DDCS:backend = ad
>> # idmap config DDCS:schema_mode = rfc2307
>> # idmap config DDCS:range = 500-40000
>>
>> winbind nss info = rfc2307
>> winbind trusted domains only = no
>> winbind use default domain = yes
>> winbind enum users = yes
>> winbind enum groups = yes
>>
>> What is the really role of idmap's line ?
>>
>> I have of to miss something
>

More information about the samba mailing list