[Samba] idmap weirdness - wildcard values being used instead of rfc2307 AD values
Rowland Penny
rowlandpenny at googlemail.com
Thu Oct 30 06:31:17 MDT 2014
On 30/10/14 11:29, Doug Meredith wrote:
> I've done a lot of research on this and haven't been able to solve the
> problem. Hopefully someone here has a better understanding of this than I
> do.
>
> The problem is that the UIDs and GIDs are not being fetched from AD. For
> example "getent passwd doug" returns:
>
> doug:*:70003:70005:Doug Meredith:/home/DSTRC/doug:/bin/false
>
> My full name has correctly been pulled from AD but the UID specified in AD
> is 20001 and the group is 10000.
Is the computer joined to the domain? What is the AD DC? Any chance of
seeing the user's entry in AD? smb.conf appears OK except that what is
being pulled from AD doesn't seem to include the user's unixHomeDirectory
& loginShell. I wonder if you are mistaking the 'uid' attribute for the
'uidNumber' attribute?
Rowland
> The values shown above are obviously
> coming from the wildcard idmap specified in my smb.conf, but I'm at a loss
> as to why. This occurs for all users and all groups.
>
> Platform is FreeBSD 10 and I'm using Samba 4.1.13. Full smb.conf is
> below. Any help would be very much appreciated.
>
> [global]
> workgroup = DSTRC
> security = ADS
> realm = DSTRC.ORG
> encrypt passwords = yes
>
> idmap config *:backend = tdb
> idmap config *:range = 70001-80000
> idmap config DSTRC:backend = ad
> idmap config DSTRC:schema_mode = rfc2307
> idmap config DSTRC:range = 500-40000
>
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
>
> vfs objects = zfsacl
> map acl inherit = Yes
> store dos attributes = Yes
>
> printcap name = /dev/null
> load printers = no
> disable spoolss = yes
> printing = bsd
>
> [media]
> path = /pool1/media
> comment = Movies, TV and music
> read only = no
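
An added example, not part of the original thread and not Samba code: a short Python check that parses the `idmap config` lines from the smb.conf posted above and reports which configured range the UID and GID of a `getent passwd` entry fall in. The function names are assumptions made for this example, and the sample config is constructed from the quoted lines.

```python
import re

# Constructed sample: the idmap lines from the smb.conf quoted in the thread.
SMB_CONF = """\
[global]
idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config DSTRC:backend = ad
idmap config DSTRC:schema_mode = rfc2307
idmap config DSTRC:range = 500-40000
"""

IDMAP_RE = re.compile(
    r"^\s*idmap config\s+([^:\s]+)\s*:\s*([\w ]+?)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {"backend": str, "range": (low, high), ...}}."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if not m:
            continue  # section headers and unrelated parameters
        domain, key, value = m.group(1).upper(), m.group(2).lower(), m.group(3)
        if key == "range":
            low, high = value.split("-")
            value = (int(low), int(high))
        domains.setdefault(domain, {})[key] = value
    return domains

def owner_of(idnum, domains):
    """List the idmap domains whose configured range contains idnum."""
    return [d for d, cfg in domains.items()
            if "range" in cfg and cfg["range"][0] <= idnum <= cfg["range"][1]]

def audit_passwd(entry, domains, expected_domain):
    """Report uid/gid values in a getent passwd line that do not fall
    inside expected_domain's range, with the range that does hold them."""
    fields = entry.strip().split(":")
    findings = []
    for label, raw in (("uid", fields[2]), ("gid", fields[3])):
        owners = owner_of(int(raw), domains)
        if expected_domain.upper() not in owners:
            findings.append((label, int(raw), owners or ["<no range>"]))
    return findings

if __name__ == "__main__":
    line = "doug:*:70003:70005:Doug Meredith:/home/DSTRC/doug:/bin/false"
    print(audit_passwd(line, parse_idmap(SMB_CONF), "DSTRC"))
```

Run against the entry from the thread, both IDs are attributed to the `*` range, while the values stored in AD (20001 and 10000) would sit inside the DSTRC range.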