[Samba] The problem with setting up AD domain to Samba 4

Rowland Penny rowlandpenny at googlemail.com
Wed Jun 19 04:07:11 MDT 2013

Hi Steve, yes I agree with you. The problem is that people still try to set
up an S4 AD server as if it was S3; this will never work.
What people need to realise is that an S4 AD server is for all intents and
purposes a Windows AD server clone and to set it up the same way.

It might be easier for the OP to reprovision again and start with a blank
slate and this time do some searching on 'how do I connect a Linux client
to a Windows server'.


On 19 June 2013 10:54, steve <steve at steve-ss.com> wrote:

> On Wed, 2013-06-19 at 10:34 +0100, Rowland Penny wrote:
> > The problem is that you are mixing up how Samba 4 works with how Samba
> > 3 works. Samba 4 winbind does not work the same as the Samba 3
> > winbind.
> >
> > What you need to do is give your Linux users a uidNumber and groups
> > like Domain Users a gidNumber. How you do this is up to you; it can be
> > done from Windows (ADUC?) or by using an ldif on Linux. Try a web
> > search.
> >
> > You then need to extract this information on the Linux clients. You
> > can use winbind, but do not use the rid backend. If you do use the rid
> > backend, whilst you will get the same UID for a user on any Linux
> > client that uses the exact same winbind settings, you will never get
> > the same UID on the server.  Using the ad backend will get you the
> > same UID wherever you ask for it, but in my opinion is not the way
> > to go. Try using sssd, it is a lot easier to set up.
> >
> >
> > Rowland
> >
> Hi Rowland
> From what I can work out from the posts, the OP is trying to do this on
> a DC. What I find difficult to get across is the idea of storing stuff
> in AD. In cases such as these I really can't see any other way to go.
> The OP's idmap is really screwed up. I've had a go via the DC winbind
> and the only way I could go with this was to delete the idmap entries
> and start again. This is in the other post about an hour or so ago, if
> you have any easier way. . .
> Cheers,
> Steve
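
The difference between the rid and ad backends discussed in this thread, as an added example that is not part of the original messages: it applies the idmap_rid formula from the Samba manual on three clients and compares that with reading a stored uidNumber, then reports users whose UID differs between hosts. The SIDs, ranges, uidNumber values and host names are constructed, and the DC's own mapping is not modelled.

```python
# Added illustration: SIDs, ranges and uidNumber values are constructed samples.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
USERS = {"alice": f"{DOMAIN_SID}-1104", "bob": f"{DOMAIN_SID}-1105"}
# uidNumber attributes as they would be stored on the AD user objects.
DIRECTORY = {USERS["alice"]: {"uidNumber": 10001}, USERS["bob"]: {"uidNumber": 10002}}
# Per-host winbind idmap ranges; client3 was configured differently.
RID_RANGES = {"client1": (10000, 19999), "client2": (10000, 19999), "client3": (20000, 29999)}


def rid_backend_uid(sid, range_low, range_high, base_rid=0):
    """idmap_rid formula from the Samba manual: ID = RID - BASE_RID + LOW_RANGE_ID."""
    rid = int(sid.rsplit("-", 1)[1])
    uid = rid - base_rid + range_low
    if not range_low <= uid <= range_high:
        raise ValueError(f"RID {rid} maps outside {range_low}-{range_high}")
    return uid


def ad_backend_uid(directory, sid):
    """ad-style lookup: the uidNumber stored in the directory, or None if unset."""
    return directory.get(sid, {}).get("uidNumber")


def host_views(backend):
    """Build {host: {user: uid}} as each host would resolve the users."""
    views = {}
    for host, (low, high) in RID_RANGES.items():
        if backend == "rid":
            views[host] = {u: rid_backend_uid(s, low, high) for u, s in USERS.items()}
        else:
            views[host] = {u: ad_backend_uid(DIRECTORY, s) for u, s in USERS.items()}
    return views


def inconsistent_users(views):
    """Return {user: {host: uid}} for users whose UID is not identical on every host."""
    report = {}
    for user in USERS:
        per_host = {host: uids[user] for host, uids in views.items()}
        if len(set(per_host.values())) > 1:
            report[user] = per_host
    return report


if __name__ == "__main__":
    print("rid:", inconsistent_users(host_views("rid")))
    print("ad: ", inconsistent_users(host_views("ad")))
```

A non-empty report means the same account owns files under different numeric UIDs depending on the host, which is what breaks ownership and permission checks on shared storage.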
