[Samba] Element not found error

Rowland Penny rowlandpenny at googlemail.com
Thu Sep 25 12:00:22 MDT 2014

On 25/09/14 18:29, Brian C. Huffman wrote:
> On 09/25/2014 01:20 PM, Rowland Penny wrote:
>> On 25/09/14 17:58, Brian C. Huffman wrote:
>>> [global]
>>>    netbios name = samba02
>>>    workgroup = ETI
>>>    realm = XMEN.ETI
>>>    security = ads
>>>    idmap config * : range = 16777216-33554431
>>>    template homedir = /home/%U
>>>    template shell = /bin/bash
>>>    winbind use default domain = true
>>>    winbind offline logon = false
>>>    winbind enum users  = yes
>>>    winbind enum groups = yes
>>>    encrypt passwords = yes
>> Hi, with the above, samba has nowhere to map the users to, if you 
>> don't want to use the 'ad' backend, then you need to use the rid 
>> backend:
>> idmap config *:backend = tdb
>> idmap config *:range = 70001-80000
>> idmap config ETI:backend = rid
>> idmap config ETI:range = 500-40000
>> Changing the numbers to match your requirements.
> I don't plan to add any local linux accounts to this server.  With the 
> exception of possibly the root user (which Marc implied should be 
> mapped to something), I don't know that I need a mapping as long as 
> the permissions can be modified and utilized from a windows desktop.

And just how are you going to get the local system to modify the 
permissions if it doesn't know who the users/groups are ???

> How should the root user be mapped to something (say Administrator)?  
> I don't see UID 0 mentioned in that range.

You need to create a file, i.e. /etc/samba/smbusers containing this line:

!root = EXAMPLE\Administrator Administrator administrator

then add this line to the global section of smb.conf:

username map = /etc/samba/smbusers

then restart the samba daemons


>>> I'll admit I'm not too sure about the idmap config.  I'm looking for 
>>> the simplist configuration that will work.  The wiki for setting up 
>>> member server suggests some different idmap config options, but it 
>>> references schema mode rfc2307 and I don't think I have that.
>> If you are using samba4 as the AD DC, then you do have rfc2307, but 
>> you will need to give yours users a uidNumber and your groups a 
>> gidNumber. Information about this is available on the samba wiki and 
>> elsewhere on the internet.
> Ah.  Ok.  I guess this would be useful if I start running winbind on 
> other linux machines where users login.  Right now I don't have the 
> uidNumber configured for my users.
> Thanks,
> Brian

More information about the samba mailing list