[Samba] Element not found error

[Davor Vusir]

Rowland Penny skrev den 2014-09-25 20:00:
> On 25/09/14 18:29, Brian C. Huffman wrote:
>> On 09/25/2014 01:20 PM, Rowland Penny wrote:
>>> On 25/09/14 17:58, Brian C. Huffman wrote:
>>>> [global]
>>>>    netbios name = samba02
>>>>    workgroup = ETI
>>>>    realm = XMEN.ETI
>>>>    security = ads
>>>>    idmap config * : range = 16777216-33554431
>>>>    template homedir = /home/%U
>>>>    template shell = /bin/bash
>>>>    winbind use default domain = true
>>>>    winbind offline logon = false
>>>>    winbind enum users  = yes
>>>>    winbind enum groups = yes
>>>>    encrypt passwords = yes
>>>>
>>>
>>> Hi, with the above, samba has nowhere to map the users to, if you 
>>> don't want to use the 'ad' backend, then you need to use the rid 
>>> backend:
>>>
>>> idmap config *:backend = tdb
>>> idmap config *:range = 70001-80000
>>> idmap config ETI:backend = rid
>>> idmap config ETI:range = 500-40000
>>>
>>> Changing the numbers to match your requirements.
>> I don't plan to add any local linux accounts to this server. With the 
>> exception of possibly the root user (which Marc implied should be 
>> mapped to something), I don't know that I need a mapping as long as 
>> the permissions can be modified and utilized from a windows desktop.
>
> And just how are you going to get the local system to modify the 
> permissions if it doesn't know who the users/groups are ???
>
>>
>> How should the root user be mapped to something (say Administrator)?  
>> I don't see UID 0 mentioned in that range.
>>
>
> You need to create a file, i.e. /etc/samba/smbusers containing this line:
>
> !root = EXAMPLE\Administrator Administrator administrator
>

What happens if one logs on with 'administrator at example.com'?

> then add this line to the global section of smb.conf:
>
> username map = /etc/samba/smbusers
>
> then restart the samba daemons
>
> Rowland
>
>
>
>
>>>>
>>>> I'll admit I'm not too sure about the idmap config.  I'm looking 
>>>> for the simplist configuration that will work.  The wiki for 
>>>> setting up member server suggests some different idmap config 
>>>> options, but it references schema mode rfc2307 and I don't think I 
>>>> have that.
>>>>
>>>
>>> If you are using samba4 as the AD DC, then you do have rfc2307, but 
>>> you will need to give yours users a uidNumber and your groups a 
>>> gidNumber. Information about this is available on the samba wiki and 
>>> elsewhere on the internet.
>>
>> Ah.  Ok.  I guess this would be useful if I start running winbind on 
>> other linux machines where users login.  Right now I don't have the 
>> uidNumber configured for my users.
>>
>> Thanks,
>> Brian
>>
>