[Samba] Winbind troubles

Matthew Daubenspeck matt at oddprocess.org
Mon Jul 22 15:29:19 MDT 2013


On Mon, Jul 22, 2013 at 10:15:10PM +0100, Rowland Penny wrote:
>    OK, that seems like it should work, I had the winbind ad backend
>    working, but found it difficult to setup so jumped ship to sssd
>    The idmap setup I used was:
>            idmap config *:backend = tdb
>            idmap config *:range = 1100-2000
>            idmap config DOMAIN:backend = ad
>            idmap config DOMAIN:schema_mode = rfc2307
>            idmap config DOMAIN:range = 10000-3100000
>    As you can see the number ranges are the opposite way round to what you
>    have i.e. config*:range is lower than DOMAIN:range
>    You could also try (as a test) changing backend = ad to backend = rid,
>    this will ignore the rfc2307 bit but will test the connect to the AD
>    server.
>    Rowland

Changing the above ranges made no difference. However, changing backend
= rid gets me:

root at srv2:~# getent passwd administrator
administrator:*:10005:1013:Administrator:/home/Administrator:/bin/sh
root at srv2:~# id user1
uid=10000(user1) gid=1013(domain users) groups=1013(domain
users),70002(BUILTIN\users)
root at srv2:~# id user2
uid=10001(user2) gid=1013(domain users) groups=1013(domain
users),70002(BUILTIN\users)

That seems to be working perfectly. What would I be losing without
rfc2307 (please excuse the ignorance)?


More information about the samba mailing list