[Samba] LDAP + Samba4(AD) + SSH

Guilherme Boing kolt+samba at frag.com.br
Fri Aug 21 19:08:02 UTC 2015


I want my domain users to be able to connect to our linux servers using
their AD username through LDAP.

I am using nslcd and pam_ldap to do so, but I am having some hard time
trying to figure out why the GID is not working properly.

# getent passwd Guilherme

# getent group|grep 513

# id Guilherme
uid=10000(Guilherme) gid=513 grupos=513,10001(it),10000(Domain Users)

/etc/nslcd.conf: (bind not included)
filter  passwd  (objectClass=user)
filter  group   (objectClass=group)

map     passwd  uid                sAMAccountName
map     passwd  homeDirectory      unixHomeDirectory
map     passwd  gecos              displayName
map     passwd  gidNumber          primaryGroupID
map     group   uniqueMember       member

I know that 513 should mean "Domain Users" from ADUC. However, "Domain
Users" has the "UNIX Attributes" configuration of GID=10000.

# getent group|grep 10000
Domain Users:*:10000:

Should I change the UNIX Attributes ID of Domain Users to 513 ?
What am I doing wrong ?


More information about the samba mailing list