[Samba] Join Samba4 member server to Windows AD
Denis Cardon
denis.cardon at tranquil-it-systems.fr
Thu Feb 27 11:24:39 MST 2014
Hi Ismael,
---snip---
> [global]
>
> workgroup = SD1
> security = ADS
> realm = SD1.RD.LAN
> encrypt passwords = yes
>
> # idmap config *:backend = tdb
> # idmap config *:range = 70001-80000
> idmap config SD1:backend = ad
> idmap config SD1:schema_mode = rfc2307
> idmap config SD1:range = 10000-40000
>
> winbind nss info = rfc2307
> # winbind separator = +
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
>
--snip--
>
> As you can see I see the users and groups of the root domain (RD.LAN)
> and subdomain2 (SD2.RD.LAN) but nothing about subdomain1 (SD1.RD.LAN)
You specified an idmap configuration for SD1 in your smb.conf file with
rfc2307, which tells samba to look for uidnumber and gidnumber in active
directory for SID<->uid/gid mapping. Those attributes are not populated
by default, so wbinfo does not pick up your SD1 entries.
> also when I execute getent passwd and getent group, I only see the Linux
> users and groups but don't get anything from Windows AD.
In order for getent passwd to work, there has to be a SID<->uid/gid
mapping, but you have not specified any mapping for the SD2 domain, only for
SD1, which actually does not work...
Try to fix your idmap. You may use rid to get a consistent mapping
between your different servers.
Hope this helps,
Denis
> I'm really confused and would appreciate if one of you could take a look at
> it and tell me what is missing or wrong or even point me in the right
> direction. I don't have much experience with Samba, so please don't be
> too strict with me XD.
>
> Thank you guys!
> Isfelipe
--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr
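
The idmap problems discussed in this thread can be checked mechanically; the following is an added example, not part of the original post or of Samba itself. It parses the `idmap config` lines of an smb.conf and reports domains with no mapping, `ad` backends that depend on uidNumber/gidNumber, and overlapping ranges. The short domain names RD and SD2 and every range in `WITH_RID` are assumptions, and the default-domain and overlap checks follow general Samba idmap guidance rather than anything stated in the thread.

```python
import re

# "idmap config DOMAIN : option = value"; whitespace around ':' is optional.
IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*([\w ]+?)\s*=\s*(.+?)\s*$", re.I)

# idmap lines from the posted smb.conf (default '*' domain is commented out).
POSTED = """
# idmap config *:backend = tdb
# idmap config *:range = 70001-80000
idmap config SD1:backend = ad
idmap config SD1:schema_mode = rfc2307
idmap config SD1:range = 10000-40000
"""

# Constructed alternative using rid; names RD/SD2 and all ranges are assumed.
WITH_RID = """
idmap config * : backend = tdb
idmap config * : range = 70001-80000
idmap config SD1 : backend = rid
idmap config SD1 : range = 10000-39999
idmap config SD2 : backend = rid
idmap config SD2 : range = 40000-69999
idmap config RD : backend = rid
idmap config RD : range = 100000-199999
"""

def parse_idmap(conf_text):
    """Return {DOMAIN: {option: value}} from uncommented idmap config lines."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)  # lines starting with '#' or ';' never match
        if m:
            domains.setdefault(m.group(1).upper(), {})[m.group(2).lower()] = m.group(3)
    return domains

def check_idmap(conf_text, expected_domains):
    """List idmap problems for the domains whose accounts should resolve."""
    cfg, ranges = parse_idmap(conf_text), []
    problems = [f"{d}: no idmap config" for d in ["*", *expected_domains] if d.upper() not in cfg]
    for dom, opts in cfg.items():
        if opts.get("backend", "").lower() == "ad":
            problems.append(f"{dom}: ad backend needs uidNumber/gidNumber set in AD")
        if "range" in opts:
            ranges.append((*map(int, opts["range"].split("-")), dom))
    ranges.sort()
    for (_, hi1, d1), (lo2, _, d2) in zip(ranges, ranges[1:]):
        if lo2 <= hi1:  # next range starts before the previous one ends
            problems.append(f"{d1}/{d2}: overlapping ranges")
    return problems
```

Calling `check_idmap(POSTED, ["SD1", "SD2", "RD"])` flags the missing default, the two unmapped domains and the `ad` backend on SD1, while `WITH_RID` returns an empty list.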