[Samba] How does one "look at AD" in Samba4.1?
stuartl at vrt.com.au
Sun Mar 16 23:42:14 MDT 2014
On 16/03/14 11:14, steve wrote:
> On Sun, 2014-03-16 at 10:52 +1000, Stuart Longland wrote:
>> Not so good. At this point I'm told to "look at AD and verify that all
>> groups have GIDs". I'm managing this from a Linux command line; how
>> does one do this?
> e.g. for Domain Users:
> ldbedit --url=/usr/local/samba/private/sam.ldb cn=Domain\ Users
This has been a *big* help. I knew the information I needed was in LDAP
somewhere, just didn't know how to get at it to edit it.
> Now add something like RID+20000:
> gidNumber: 20513
You mention "RID", where do I find this? What's the significance of the
> getent group Domain\ Users
> will return.
Well, this half-works now: I can do a `getent group 'MYDOMAIN\Domain
Users', and get a result.
It doesn't know about 'Domain Users' however: it seems to go looking for
this in a domain called BNEDEVFS0 (the hostname of the machine).
That said, it seems to be working well enough that a Windows 2000 and
Windows XP system are both talking to this domain happily exchanging
data with it. (Logons work, files are reported by the Linux server as
being owned by MYDOMAIN\administrator... it'd be nice to ditch the
MYDOMAIN\ prefix but at least it works.)
Should I be concerned about the requirement for this prefix?
\ /|_) | T: +61 7 3535 9619
\/ | \ | 38b Douglas Street F: +61 7 3535 9699
SYSTEMS Milton QLD 4064 http://www.vrt.com.au
More information about the samba