[Samba] winbind against samba4 AD DC
Ali Bendriss
ali.bendriss at gmail.com
Thu Feb 21 08:03:53 MST 2013
Hello,
Could you please give me some precision about the current state of the winbind
support on a member server. I have tried to list what I understand about it.
(I suppose that the libnss_winbind symlink are correct in /lib and/or lib64)
* samba4 join as member
join: samba-tool domain join <dnsdomain> MEMBER
smb.conf should contain: idmap_ldb:use rfc2307 = yes
the AD DC doesn't need to be provisioned with the option "--use-rfc2307"
then the member should be able to read uidNumber gidNumber from the directory.
* smbd + winbindd
samba4: compile with --with-shared-modules=...,idmap_ad
samba3 compile with --with-shared-modules=...,idmap_ad,--with-ads
join: net ads join
smb.conf should contain (from the wiki):
idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config SHORTDOMAINNAME:backend = ad
idmap config SHORTDOMAINNAME:schema_mode = rfc2307
idmap config SHORTDOMAINNAME:range = 500-40000
But the AD have to be provisioned with "--use-rfc2307"
You then should add the objectclass: posixAccount in the AD samdb for each
user and posixGroup for the group
Is it mandatory to have provioned the AD with "--use-rfc2307" ?
mac OSX client seems to be OK without, they can read uid/gid Number,
but not linux client using smbd/winbindd.
If yes what is the best way to add rfc2307 support to an already provisioned
AD ? Applying ypServ30.ldif will it be good enough ?
Thanks
Ali
More information about the samba
mailing list