[Samba] winbind/idmap issue on samba4 member server

Micro MEGAS micromegas at mail333.com
Mon Oct 20 12:07:15 MDT 2014

> You are very nearly correct; your smb.conf on the member server has
> these lines:
> idmap config MYDOM:backend = ad
> idmap config MYDOM:schema_mode = rfc2307
> idmap config MYDOM:range = 500-40000
> The first line makes winbind use the ad backend, the second ensures that 
> the rfc2307 attributes are used and the third line sets the range of 
> users to pull from AD.
> What this boils down to is:
> A) only users with a uidNumber will be pulled
> B) the uidNumber must be between the range given in smb.conf, in your 
> case, between 500 - 40000
> Any users without a uidNumber will be ignored, so any users that you
> want to connect to the member server will have to have a uidNumber, and
> groups will also have to have a gidNumber. You can add other rfc2307
> attributes, but these are not really mandatory; they just make life a lot
> easier ;-)
> Rowland

Is there any other way to instruct my member server to pull ALL AD users, even if they have no UID assigned? Please point me to some useful tutorials/wikis for the additional rfc2307 attributes you mentioned. I have two more questions on that topic:

- As you can see from the output of "getent passwd", my user "MYDOM\Administrator" has UID=0, which confuses me. Let's say I'd like to make this user account available on the member server, too. I would have to open the ADUC tool, edit that user and, on the [UNIX Attribute] tab, assign the NIS domain = MYDOM to it; he also needs a UID. Which UID should I give him? UID=0 again? What happens if I assign UID=10000 to that user; will that administrative account be restricted in any way? I don't want to mess up my configuration.

- In the ADUC tool, as soon as I choose a user account and try to modify it on the [UNIX Attribute] tab, the default login shell is "/bin/sh" and the default homedir is "/home/foobar". I would like to have other defaults here: the default shell should be "/bin/bash" and the default home should be "/home/MYDOM/foobar". I tried to accomplish that with the following change in the smb.conf of DC1 and DC2:

template shell = /bin/false
template homedir = /home/%D/%U

Afterwards I restarted sernet-samba-ad on DC1 and DC2, and I also restarted the untouched member server by restarting its services nmbd, smbd and winbindd. Unfortunately it didn't help; I still get the mentioned paths as defaults in the ADUC tool. What am I doing wrong here?
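What follows is an added example (editor's code, not Samba's own and not posted by anyone in this thread). It simulates in Python the two rules stated in the quoted reply, namely that the ad backend maps a user only if it has a uidNumber and that uidNumber lies inside the configured range, and it also shows where "template shell" and "template homedir" act: they are read by winbindd on the host that answers the NSS query and only supply values the lookup does not otherwise provide ("winbind nss info = rfc2307" makes the AD loginShell/unixHomeDirectory attributes win when present); nothing in smb.conf influences what ADUC offers as defaults. The smb.conf fragment, the AD attribute blocks and the user names are constructed; taking the user's own gidNumber as the primary GID is a simplification. The uidNumber 0 case is flagged because a uid of 0 is root on every Unix host that maps it, which is the practical reason a range starting at 500 is a useful guard.

```python
"""Simulate winbind's idmap_ad decision on a Samba member server: which AD users get
a Unix identity and which shell/home they are reported with. Added example, not Samba code."""

DOMAIN = "MYDOM"  # assumed NetBIOS domain name, as in the thread

# Constructed member-server smb.conf: the idmap lines quoted in the thread plus
# nss-info/template settings chosen for illustration.
SMB_CONF = """
[global]
   idmap config MYDOM:backend = ad
   idmap config MYDOM:schema_mode = rfc2307
   idmap config MYDOM:range = 500-40000
   winbind nss info = template
   template shell = /bin/bash
   template homedir = /home/%D/%U
"""

# Constructed AD user objects as LDIF-style attribute blocks; all values are made up.
AD_USERS = """
sAMAccountName: Administrator
uidNumber: 0
gidNumber: 0

sAMAccountName: alice
uidNumber: 10000
gidNumber: 10000
loginShell: /bin/zsh
unixHomeDirectory: /srv/home/alice

sAMAccountName: bob
uidNumber: 50000
gidNumber: 10000

sAMAccountName: carol
"""

def parse_smb_conf(text):
    """'key = value' lines; Samba parameter names are case-insensitive, so normalise."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";", "[")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            conf[" ".join(key.lower().split())] = value.strip()
    return conf

def parse_users(text):
    """Blank-line separated blocks of single-valued 'attr: value' lines."""
    entries = []
    for block in text.split("\n\n"):
        pairs = [l.partition(":") for l in block.splitlines() if l.strip()]
        if pairs:
            entries.append({a.strip(): v.strip() for a, _, v in pairs})
    return entries

def nss_info(entry, conf, domain):
    """Shell/home the member server's winbindd reports. The template parameters
    (Samba defaults: /bin/false and /home/%D/%U) are expanded locally; with
    'winbind nss info = rfc2307' the AD attributes take precedence when present."""
    user = entry["sAMAccountName"].lower()  # winbind lowercases names by default
    expand = lambda t: t.replace("%D", domain).replace("%U", user)
    shell = expand(conf.get("template shell", "/bin/false"))
    home = expand(conf.get("template homedir", "/home/%D/%U"))
    if conf.get("winbind nss info", "template").lower() == "rfc2307":
        shell, home = entry.get("loginShell", shell), entry.get("unixHomeDirectory", home)
    return shell, home

def map_user(entry, conf, domain=DOMAIN):
    """Rules from the reply: a uidNumber is required and must lie inside the range.
    Simplification: the user's own gidNumber attribute is taken as the primary GID."""
    lo, hi = map(int, conf[f"idmap config {domain.lower()}:range"].split("-"))
    r = {"name": f"{domain}\\{entry['sAMAccountName'].lower()}", "mapped": False, "warnings": []}
    if "uidNumber" not in entry:
        r["reason"] = "no uidNumber: ignored by the ad backend"
        return r
    uid = int(entry["uidNumber"])
    if uid == 0:  # security check: uid 0 is root on every Unix host that maps it
        r["warnings"].append("uidNumber 0 would be root on any host whose range includes it")
    if not lo <= uid <= hi:
        r["reason"] = f"uidNumber {uid} outside range {lo}-{hi}: ignored"
        return r
    if "gidNumber" not in entry:
        r["reason"] = "no gidNumber: primary group cannot be resolved"
        return r
    r["shell"], r["home"] = nss_info(entry, conf, domain)
    r.update(mapped=True, uid=uid, gid=int(entry["gidNumber"]))
    return r

def audit(conf_text=SMB_CONF, users_text=AD_USERS):
    """Return {'DOMAIN\\user': result} for every constructed AD user."""
    conf = parse_smb_conf(conf_text)
    return {r["name"]: r for r in (map_user(u, conf) for u in parse_users(users_text))}

if __name__ == "__main__":
    for name, r in audit().items():
        detail = (f"uid={r['uid']} gid={r['gid']} home={r['home']} shell={r['shell']}"
                  if r["mapped"] else f"NOT MAPPED ({r['reason']})")
        print(name, detail, *r["warnings"])
```

Run as-is it reports alice as the only mapped user (uid 10000, home /home/MYDOM/alice, shell /bin/bash from the templates), Administrator as unmapped because uidNumber 0 is outside 500-40000 (with the root warning), bob as unmapped because 50000 is above the range, and carol as unmapped because she has no uidNumber at all. Switching the constructed smb.conf to "winbind nss info = rfc2307" makes alice's shell and home come from her loginShell and unixHomeDirectory attributes instead; in neither case does anything in the member server's smb.conf reach ADUC.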

