[Samba] Element not found error

[Marc Muehlfeld]

Am 25.09.2014 um 19:29 schrieb Brian C. Huffman:
>> Hi, with the above, samba has nowhere to map the users to, if you
>> don't want to use the 'ad' backend, then you need to use the rid backend:
>>
>> idmap config *:backend = tdb
>> idmap config *:range = 70001-80000
>> idmap config ETI:backend = rid
>> idmap config ETI:range = 500-40000
>>
>> Changing the numbers to match your requirements.
>
> I don't plan to add any local linux accounts to this server.

Samba Domain Members have, like Windows, some built-in accounts/groups,
which require the mappings. E. g.
BUILTIN\Print Operators
BUILTIN\Account Operators
BUILTIN\Backup Operators
BUILTIN\Server Operators
BUILTIN\Administrators
etc.




> With the exception of possibly the root user (which Marc implied
> should be mapped to something), I don't know that I need a mapping as
> long as the permissions can be modified and utilized from a windows
> desktop.

You don't need to map Administrator to root. If your granted
SeDiskOperatorPrivilege to you Administrator account or a group, it
belongs to, it should be enough to edit the permissions. But some do
that mapping and as more information about your configuration we have,
as easier it would be to find out, what's wrong. :-)

But if you have a 'username map' entry, you have to add and enable the
account with smbpasswd -a/-e.




> I'll admit I'm not too sure about the idmap config.  I'm looking for
> the simplist configuration that will work.  The wiki for setting up
> member server suggests some different idmap config options, but it
> references schema mode rfc2307 and I don't think I have that.

It's still on my to-do list, to write the documentation for the
different Idmap backends. But in the meantime, have a look at the
manpage of 'idmap_rid'. The usage is like for the rfc2307 backend.


Regards,
Marc