[Samba] Join Samba4 member server to Windows AD
denis.cardon at tranquil-it-systems.fr
Thu Feb 27 11:24:39 MST 2014
> workgroup = SD1
> security = ADS
> realm = SD1.RD.LAN
> encrypt passwords = yes
> # idmap config *:backend = tdb
> # idmap config *:range = 70001-80000
> idmap config SD1:backend = ad
> idmap config SD1:schema_mode = rfc2307
> idmap config SD1:range = 10000-40000
> winbind nss info = rfc2307
> # winbind separator = +
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> As you can see I see the users and groups of the root domain (RD.LAN)
> and subdomain2 (SD2.RD.LAN) but nothing about subdomain1 (SD1.RD.LAN)
You specified a idmap configuration for SD1 in your smb.conf file with
rfc2307, which tells samba looks for uidnumber and gidnumber in active
directory for SID<->uid/gid mapping. Those attributes are not populated
by default, so wbinfo does not pick up your SD1 entries.
> also when I execute getent passwd and getent group, I only see the Linux
> users and groups but don't get anything from Windows AD.
In order for getent passwd to work, there have to be a SID<->uid/gid
mapping, but have not specified any mapping for SD2 domain, only for
SD1, which actually does not work...
Try to fix your idmap. You may use rid to get a consistent mapping
between your different servers.
Hope this helps,
> I'm really confused and would appreciate if one you could take a look at
> it and tell me what is missing or wrong or even point me in the right
> direction. I don't have much experience with Samba, so please don't be
> too strict with me XD.
> Thnank you guys!
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 126.96.36.199.55
More information about the samba