[Samba] Winbind troubles

steve steve at steve-ss.com
Mon Jul 22 15:36:26 MDT 2013


On Mon, 2013-07-22 at 17:29 -0400, Matthew Daubenspeck wrote:
> On Mon, Jul 22, 2013 at 10:15:10PM +0100, Rowland Penny wrote:
> >    OK, that seems like it should work. I had the winbind ad backend
> >    working, but found it difficult to set up so jumped ship to sssd.
> >    The idmap setup I used was:
> >            idmap config *:backend = tdb
> >            idmap config *:range = 1100-2000
> >            idmap config DOMAIN:backend = ad
> >            idmap config DOMAIN:schema_mode = rfc2307
> >            idmap config DOMAIN:range = 10000-3100000
> >    As you can see, the number ranges are the opposite way round to what you
> >    have, i.e. config *:range is lower than DOMAIN:range.
> >    You could also try (as a test) changing backend = ad to backend = rid;
> >    this will ignore the rfc2307 bit but will test the connection to the AD
> >    server.
> >    Rowland
> 
> Changing the above ranges made no difference. However, changing backend
> = rid gets me:
> 
> root@srv2:~# getent passwd administrator
> administrator:*:10005:1013:Administrator:/home/Administrator:/bin/sh

Amazing;)
> 
> That seems to be working perfectly. What would I be losing without
> rfc2307 (please excuse the ignorance)?

You'd lose control over uidNumber, gidNumber and you wouldn't be able to
specify your own home directories and login shells. It's also a
nightmare if you add a second DC.
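
Added example, not part of the original messages: a small checker for the `idmap config` lines discussed in this thread. It reports overlapping ID ranges, which can map two different accounts to the same Unix ID, and notes when a domain uses the rid backend. The function names and the embedded sample are constructed for illustration; `DOMAIN` is the thread's own placeholder.

```python
import re

# Constructed sample: the idmap lines quoted in the thread (DOMAIN is its placeholder).
SAMPLE = """\
[global]
    idmap config *:backend = tdb
    idmap config *:range = 1100-2000
    idmap config DOMAIN:backend = ad
    idmap config DOMAIN:schema_mode = rfc2307
    idmap config DOMAIN:range = 10000-3100000
"""

IDMAP = re.compile(r"^\s*idmap\s+config\s+([^:\s]+)\s*:\s*([\w ]+?)\s*=\s*(.*?)\s*$", re.I)

def parse_idmap(text):
    """Collect {domain: {option: value}} from 'idmap config' lines."""
    domains = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("#", ";")):  # smb.conf comment lines
            continue
        m = IDMAP.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom.upper(), {})[opt.lower()] = val
    return domains

def check_idmap(text):
    """Return a list of findings; an empty list means no problem was detected."""
    findings, ranges = [], {}
    for dom, opts in parse_idmap(text).items():
        try:
            low, high = (int(p) for p in opts["range"].split("-", 1))
        except (KeyError, ValueError):
            findings.append(f"{dom}: missing or malformed range")
            continue
        if low > high:
            findings.append(f"{dom}: range {low}-{high} is reversed")
            continue
        ranges[dom] = (low, high)
        if opts.get("backend", "").lower() == "rid":
            findings.append(f"{dom}: rid backend, rfc2307 attributes are ignored")
    names = sorted(ranges)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            # Two closed intervals overlap when each starts before the other ends.
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
                findings.append(f"{a} and {b}: ranges overlap")
    return findings

if __name__ == "__main__":
    for finding in check_idmap(SAMPLE) or ["no findings"]:
        print(finding)
```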


