[Samba] Element not found error
rowlandpenny at googlemail.com
Thu Sep 25 12:00:22 MDT 2014
On 25/09/14 18:29, Brian C. Huffman wrote:
> On 09/25/2014 01:20 PM, Rowland Penny wrote:
>> On 25/09/14 17:58, Brian C. Huffman wrote:
>>> netbios name = samba02
>>> workgroup = ETI
>>> realm = XMEN.ETI
>>> security = ads
>>> idmap config * : range = 16777216-33554431
>>> template homedir = /home/%U
>>> template shell = /bin/bash
>>> winbind use default domain = true
>>> winbind offline logon = false
>>> winbind enum users = yes
>>> winbind enum groups = yes
>>> encrypt passwords = yes
>> Hi, with the above, samba has nowhere to map the users to, if you
>> don't want to use the 'ad' backend, then you need to use the rid
>> idmap config *:backend = tdb
>> idmap config *:range = 70001-80000
>> idmap config ETI:backend = rid
>> idmap config ETI:range = 500-40000
>> Changing the numbers to match your requirements.
> I don't plan to add any local linux accounts to this server. With the
> exception of possibly the root user (which Marc implied should be
> mapped to something), I don't know that I need a mapping as long as
> the permissions can be modified and utilized from a windows desktop.
And just how are you going to get the local system to modify the
permissions if it doesn't know who the users/groups are ???
> How should the root user be mapped to something (say Administrator)?
> I don't see UID 0 mentioned in that range.
You need to create a file, i.e. /etc/samba/smbusers containing this line:
!root = EXAMPLE\Administrator Administrator administrator
then add this line to the global section of smb.conf:
username map = /etc/samba/smbusers
then restart the samba daemons
>>> I'll admit I'm not too sure about the idmap config. I'm looking for
>>> the simplist configuration that will work. The wiki for setting up
>>> member server suggests some different idmap config options, but it
>>> references schema mode rfc2307 and I don't think I have that.
>> If you are using samba4 as the AD DC, then you do have rfc2307, but
>> you will need to give yours users a uidNumber and your groups a
>> gidNumber. Information about this is available on the samba wiki and
>> elsewhere on the internet.
> Ah. Ok. I guess this would be useful if I start running winbind on
> other linux machines where users login. Right now I don't have the
> uidNumber configured for my users.
More information about the samba