[Samba] [INTERNET] Re: Samba 4 DC - idmap config on a samba 4 member server
Ali Bendriss
ali.bendriss at gmail.com
Thu Feb 21 05:21:12 MST 2013
On Thursday, February 21, 2013 12:32:18 PM BOTZ Franck - DDT 67/SG/MGI/CI
wrote:
> Hello
>
> I test your solution but if "getent" return all users and groups (AD +
> local), all have the same UID/GID. Strange ...
>
> This morning I commented idmap config DDCS67:range = 500-40000 and it
> works !! ADs users/groups
>
I am testing idmap_ad as well and I have lot of issue with idmap_ad but I was
thinking that it's because I haven't provision with rfc2307 at that time.
When you say it work, do you mean that the returned uid/gid are the ones
stored in the directorie (uidNumber/gidNumber) ?
thanks
> idmap config *:backend = tdb
> idmap config *:range = 70000-79999
> idmap config DDCS67:backend = ad
> idmap config DDCS67:schema_mode = rfc2307
> #idmap config DDCS67:range = 500-40000
>
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = Yes
> winbind enum users = yes
> winbind enum groups = yes
>
> user1:*:70001:70001:user1l:/data/individuel/DDCS67/user1:/bin/false
> user2:*:70002:70001:user2:/data/individuel/DDCS67/user2:/bin/false
> user3:*:70011:70001:user3:/data/individuel/DDCS67/user3:/bin/false
> administrator:*:70003:70001:Administrator:/data/individuel/DDCS67/administra
> tor:/bin/false
> user4:*:70004:70001:user4:/data/individuel/DDCS67/user4:/bin/false
> user5:*:70005:70001:user5:/data/individuel/DDCS67/user5:/bin/false
>
> It's good but I don't understand why
>
> Franck
>
> Le 21/02/2013 08:21, "> Hervé Hénoch (par Internet)" a écrit :
> > Hello Franck
> >
> > I had the same problem. When I removed "config" in the two lines,
> > getent group worked.
> >
> > idmap config *:backend = tdb
> > idmap config *:range = 70001-80000
> >
> > For the role of idmap you can read :
> > http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html
> >
> > Regards
> >
> > Le 20/02/2013 21:39, BOTZ Franck (Informaticien) - DDT 67/SG/MGI/CI a
> >
> > écrit :
> >> Without idmap line, it work too.
> >>
> >> [global]
> >>
> >> workgroup = DDCS
> >> security = ADS
> >> realm = DDCS.LOCAL
> >> encrypt passwords = yes
> >>
> >> # idmap config *:backend = tdb
> >> # idmap config *:range = 70001-80000
> >> # idmap config DDCS:backend = ad
> >> # idmap config DDCS:schema_mode = rfc2307
> >> # idmap config DDCS:range = 500-40000
> >>
> >> winbind nss info = rfc2307
> >> winbind trusted domains only = no
> >> winbind use default domain = yes
> >> winbind enum users = yes
> >> winbind enum groups = yes
> >>
> >> What is the really role of idmap's line ?
> >>
> >> I have of to miss something
More information about the samba
mailing list