[Samba] Element not found error
Davor Vusir
davortvusir at gmail.com
Sun Oct 5 13:52:27 MDT 2014
Rowland Penny skrev den 2014-09-25 20:00:
> On 25/09/14 18:29, Brian C. Huffman wrote:
>> On 09/25/2014 01:20 PM, Rowland Penny wrote:
>>> On 25/09/14 17:58, Brian C. Huffman wrote:
>>>> [global]
>>>> netbios name = samba02
>>>> workgroup = ETI
>>>> realm = XMEN.ETI
>>>> security = ads
>>>> idmap config * : range = 16777216-33554431
>>>> template homedir = /home/%U
>>>> template shell = /bin/bash
>>>> winbind use default domain = true
>>>> winbind offline logon = false
>>>> winbind enum users = yes
>>>> winbind enum groups = yes
>>>> encrypt passwords = yes
>>>>
>>>
>>> Hi, with the above, samba has nowhere to map the users to, if you
>>> don't want to use the 'ad' backend, then you need to use the rid
>>> backend:
>>>
>>> idmap config *:backend = tdb
>>> idmap config *:range = 70001-80000
>>> idmap config ETI:backend = rid
>>> idmap config ETI:range = 500-40000
>>>
>>> Changing the numbers to match your requirements.
>> I don't plan to add any local linux accounts to this server. With the
>> exception of possibly the root user (which Marc implied should be
>> mapped to something), I don't know that I need a mapping as long as
>> the permissions can be modified and utilized from a windows desktop.
>
> And just how are you going to get the local system to modify the
> permissions if it doesn't know who the users/groups are ???
>
>>
>> How should the root user be mapped to something (say Administrator)?
>> I don't see UID 0 mentioned in that range.
>>
>
> You need to create a file, i.e. /etc/samba/smbusers containing this line:
>
> !root = EXAMPLE\Administrator Administrator administrator
>
What happens if one logs on with 'administrator at example.com'?
> then add this line to the global section of smb.conf:
>
> username map = /etc/samba/smbusers
>
> then restart the samba daemons
>
> Rowland
>
>
>
>
>>>>
>>>> I'll admit I'm not too sure about the idmap config. I'm looking
>>>> for the simplist configuration that will work. The wiki for
>>>> setting up member server suggests some different idmap config
>>>> options, but it references schema mode rfc2307 and I don't think I
>>>> have that.
>>>>
>>>
>>> If you are using samba4 as the AD DC, then you do have rfc2307, but
>>> you will need to give yours users a uidNumber and your groups a
>>> gidNumber. Information about this is available on the samba wiki and
>>> elsewhere on the internet.
>>
>> Ah. Ok. I guess this would be useful if I start running winbind on
>> other linux machines where users login. Right now I don't have the
>> uidNumber configured for my users.
>>
>> Thanks,
>> Brian
>>
>
More information about the samba
mailing list