[Samba] Element not found error
Brian C. Huffman
bhuffman at etinternational.com
Thu Sep 25 11:29:44 MDT 2014
On 09/25/2014 01:20 PM, Rowland Penny wrote:
> On 25/09/14 17:58, Brian C. Huffman wrote:
>> netbios name = samba02
>> workgroup = ETI
>> realm = XMEN.ETI
>> security = ads
>> idmap config * : range = 16777216-33554431
>> template homedir = /home/%U
>> template shell = /bin/bash
>> winbind use default domain = true
>> winbind offline logon = false
>> winbind enum users = yes
>> winbind enum groups = yes
>> encrypt passwords = yes
> Hi, with the above, samba has nowhere to map the users to, if you
> don't want to use the 'ad' backend, then you need to use the rid backend:
> idmap config *:backend = tdb
> idmap config *:range = 70001-80000
> idmap config ETI:backend = rid
> idmap config ETI:range = 500-40000
> Changing the numbers to match your requirements.
I don't plan to add any local linux accounts to this server. With the
exception of possibly the root user (which Marc implied should be mapped
to something), I don't know that I need a mapping as long as the
permissions can be modified and utilized from a windows desktop.
How should the root user be mapped to something (say Administrator)? I
don't see UID 0 mentioned in that range.
>> I'll admit I'm not too sure about the idmap config. I'm looking for
>> the simplist configuration that will work. The wiki for setting up
>> member server suggests some different idmap config options, but it
>> references schema mode rfc2307 and I don't think I have that.
> If you are using samba4 as the AD DC, then you do have rfc2307, but
> you will need to give yours users a uidNumber and your groups a
> gidNumber. Information about this is available on the samba wiki and
> elsewhere on the internet.
Ah. Ok. I guess this would be useful if I start running winbind on
other linux machines where users login. Right now I don't have the
uidNumber configured for my users.
More information about the samba