[Samba] NSLCD works, do I need RFC2307 extensions enabled in AD as well?
lists.john at gmail.com
Mon Apr 20 10:37:36 MDT 2015
Hello Andrey, thanks for the reply! I apologize for my delayed response!
On Fri, Apr 17, 2015 at 4:54 PM, Andrey Repin <anrdaemon at yandex.ru> wrote:
> Greetings, john!
> This is for POSIX users. Samba has nothing to do with them, other than to
> Windows users to POSIX uids sometimes.
> Normally, Samba servers communicate with each other directly, without
> down to POSIX layer.
> > Do I need to install RFC2307 extensions per
> You have to tell a little more about your setup, to begin with.
I am in the process of replacing an older Samba file server ver 3.5.6
running on Debian 6. This file server uses winbind with the idmap_rid
method for user mapping. It's been working well for 8 years or so.
We have a several Windows Domain Controllers running Win2K8R2 and a couple
running 2012R2. We have a single domain. I'd like the new Samba server to
be a member rather than a PDC. I have successfully joined this server to
the domain via kerberos, but don't necessarily need to use kerberos as my
The reason I want to change from idmap_rid to an LDAP based method (hence
NSLCD) is we are trying to standardize all user logons accross all devices
to use UPN names which have the format username at ourdomain.org My
understanding from this thread of last year
https://lists.samba.org/archive/samba/2014-May/181372.html is that winbind
doesn't support UPN names. I was hoping to work around it with NSLCD
Here is my non-working smb.conf file for reference.
workgroup = VANGUARD
server string = sserve
passdb backend = ldapsam:ldap://kram.vanguard.mydomain.org
username map = /etc/samba/smbusers
syslog = 0
log file = /var/log/samba/%m
smb ports = 139 445
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
name cache timeout = 3600
max stat cache size = 16384
domain logons = Yes
preferred master = Auto
domain master = No
wins support = Yes
ldap idmap suffix = ou=Idmap
idmap config * : range = 10000-200000
ldapsam:trusted = yes
idmap config * : backend = ldap:ldap://kram.vanguard.mydomain.org
map acl inherit = Yes
path = /home/ALLSTUDENTS
admin users = "@VANGUARD\domain admins"
read only = No
create mask = 0700
directory mask = 0700
delete readonly = Yes
I appreciate you help.
More information about the samba