[Samba] [INTERNET] Re: Samba 4 DC - idmap config on a samba 4 member server
Thomas Simmons
twsnnva at gmail.com
Thu Feb 21 04:40:17 MST 2013
I just recently dealt with these problems myself. I had the same issues
you've mentioned.
https://lists.samba.org/archive/samba/2012-December/170521.html
On Thu, Feb 21, 2013 at 6:32 AM, BOTZ Franck (Informaticien) - DDT
67/SG/MGI/CI <franck.botz at bas-rhin.gouv.fr> wrote:
> Hello
>
> I test your solution but if "getent" return all users and groups (AD +
> local), all have the same UID/GID. Strange ...
>
> This morning I commented idmap config DDCS67:range = 500-40000 and it
> works !! ADs users/groups
>
>
> idmap config *:backend = tdb
> idmap config *:range = 70000-79999
> idmap config DDCS67:backend = ad
> idmap config DDCS67:schema_mode = rfc2307
> #idmap config DDCS67:range = 500-40000
>
>
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = Yes
> winbind enum users = yes
> winbind enum groups = yes
>
> user1:*:70001:70001:user1l:/**data/individuel/DDCS67/user1:/**bin/false
> user2:*:70002:70001:user2:/**data/individuel/DDCS67/user2:/**bin/false
> user3:*:70011:70001:user3:/**data/individuel/DDCS67/user3:/**bin/false
> administrator:*:70003:70001:**Administrator:/data/**individuel/DDCS67/**
> administrator:/bin/false
> user4:*:70004:70001:user4:/**data/individuel/DDCS67/user4:/**bin/false
> user5:*:70005:70001:user5:/**data/individuel/DDCS67/user5:/**bin/false
>
> It's good but I don't understand why
>
> Franck
>
>
> Le 21/02/2013 08:21, "> Hervé Hénoch (par Internet)" a écrit :
>
> Hello Franck
>>
>> I had the same problem. When I removed "config" in the two lines, getent
>> group worked.
>>
>> idmap config *:backend = tdb
>> idmap config *:range = 70001-80000
>>
>> For the role of idmap you can read : http://www.samba.org/samba/**
>> docs/man/Samba-HOWTO-**Collection/idmapper.html<http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html>
>>
>> Regards
>>
>> Le 20/02/2013 21:39, BOTZ Franck (Informaticien) - DDT 67/SG/MGI/CI a
>> écrit :
>>
>>> Without idmap line, it work too.
>>>
>>> [global]
>>>
>>> workgroup = DDCS
>>> security = ADS
>>> realm = DDCS.LOCAL
>>> encrypt passwords = yes
>>>
>>> # idmap config *:backend = tdb
>>> # idmap config *:range = 70001-80000
>>> # idmap config DDCS:backend = ad
>>> # idmap config DDCS:schema_mode = rfc2307
>>> # idmap config DDCS:range = 500-40000
>>>
>>> winbind nss info = rfc2307
>>> winbind trusted domains only = no
>>> winbind use default domain = yes
>>> winbind enum users = yes
>>> winbind enum groups = yes
>>>
>>> What is the really role of idmap's line ?
>>>
>>> I have of to miss something
>>>
>>
>> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/**mailman/options/samba<https://lists.samba.org/mailman/options/samba>
>
More information about the samba
mailing list