[Samba] samba 4 userid mapping

steve steve at steve-ss.com
Sun Jul 28 15:46:53 MDT 2013


On Tue, 2013-07-09 at 18:22 -0700, Nick B wrote:

Hi
None of this works on a s4 DC
> 
>  # Setup user maps
> 
> idmap config * : backend = tdb
> 
> idmap config * : range = 100000-199999
> 
> idmap config MYDOMAIN : backend = ad
> 
> idmap config MYDOMAIN : schema_mode = rfc2307
> 
> idmap config MYDOMAIN : range = 50000-99999
> 
> winbind nss info = rfc2307
> 
> winbind trusted domains only = No
> 
> winbind use default domain = Yes
> 
> winbind enum users = Yes
> 
> winbind enum groups = Yes

replace it with this:
idmap_ldb use:rfc2307 = Yes

make the winbind links:
ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/libnss_winbind.so
ln -s libnss_winbind.so /lib64/libnss_winbind.so.2

and the nss stuff in /etc/nsswitch.conf:
passwd:          files winbind
group:           files winbind

Now add the uidNumber and gidNumber attributes to the user or group DN
in AD. YOu can use ldbmodify or ldbedit for that. If you are brave, you
can build the master and use samba-tool add the attributes when you
create the user.

Note: if you want the whole of rfc2307 as your smb.conf suggests, then
use sssd and forget about winbind.

HTH
Steve




More information about the samba mailing list