[Samba] Element not found error

[Brian C. Huffman]

On 09/25/2014 01:20 PM, Rowland Penny wrote:
> On 25/09/14 17:58, Brian C. Huffman wrote:
>> [global]
>>    netbios name = samba02
>>    workgroup = ETI
>>    realm = XMEN.ETI
>>    security = ads
>>    idmap config * : range = 16777216-33554431
>>    template homedir = /home/%U
>>    template shell = /bin/bash
>>    winbind use default domain = true
>>    winbind offline logon = false
>>    winbind enum users  = yes
>>    winbind enum groups = yes
>>    encrypt passwords = yes
>>
>
> Hi, with the above, samba has nowhere to map the users to, if you 
> don't want to use the 'ad' backend, then you need to use the rid backend:
>
> idmap config *:backend = tdb
> idmap config *:range = 70001-80000
> idmap config ETI:backend = rid
> idmap config ETI:range = 500-40000
>
> Changing the numbers to match your requirements.
I don't plan to add any local linux accounts to this server.  With the 
exception of possibly the root user (which Marc implied should be mapped 
to something), I don't know that I need a mapping as long as the 
permissions can be modified and utilized from a windows desktop.

How should the root user be mapped to something (say Administrator)?  I 
don't see UID 0 mentioned in that range.

>>
>> I'll admit I'm not too sure about the idmap config.  I'm looking for 
>> the simplist configuration that will work.  The wiki for setting up 
>> member server suggests some different idmap config options, but it 
>> references schema mode rfc2307 and I don't think I have that.
>>
>
> If you are using samba4 as the AD DC, then you do have rfc2307, but 
> you will need to give yours users a uidNumber and your groups a 
> gidNumber. Information about this is available on the samba wiki and 
> elsewhere on the internet.

Ah.  Ok.  I guess this would be useful if I start running winbind on 
other linux machines where users login.  Right now I don't have the 
uidNumber configured for my users.

Thanks,
Brian