[Samba] LDAP + Samba4(AD) + SSH
rowlandpenny241155 at gmail.com
Fri Aug 21 19:28:22 UTC 2015
On 21/08/15 20:08, Guilherme Boing wrote:
> I want my domain users to be able to connect to our linux servers using
> their AD username through LDAP.
What do you mean 'through LDAP'?
> I am using nslcd and pam_ldap to do so, but I am having a hard time
> trying to figure out why the GID is not working properly.
> # getent passwd Guilherme
> # getent group|grep 513
> # id Guilherme
> uid=10000(Guilherme) gid=513 grupos=513,10001(it),10000(Domain Users)
> /etc/nslcd.conf: (bind not included)
> filter passwd (objectClass=user)
> filter group (objectClass=group)
> map passwd uid sAMAccountName
> map passwd homeDirectory unixHomeDirectory
> map passwd gecos displayName
> map passwd gidNumber primaryGroupID
> map group uniqueMember member
> I know that 513 should mean "Domain Users" from ADUC. However, "Domain
> Users" has the "UNIX Attributes" configuration of GID=10000.
How do you 'know' 513 should mean "Domain Users"?
513 is the RID of "Domain Users" and by your own admission "Domain
Users" has the gidNumber of 10000.
RID does not necessarily equal gidNumber.
> # getent group|grep 10000
> Domain Users:*:10000:
> Should I change the UNIX Attributes ID of Domain Users to 513?
> What am I doing wrong?
You can if you so wish, but you will need to 'chgrp' anything stored on
Unix owned by the "Domain Users" group.
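
The RID-versus-gidNumber distinction from the reply above, as an added Python example that is not part of the original thread: `primaryGroupID` holds only the group's RID, so the primary group's gidNumber has to be looked up on the group whose SID is the domain SID plus that RID. The dict entries stand in for LDAP search results; the domain SID and the RIDs 1104 and 1105 are constructed, while 513, 10000 and 10001 are the values shown in the thread.

```python
import struct

def sid_to_str(raw: bytes) -> str:
    """Decode a binary AD objectSid into its S-1-5-21-... string form."""
    revision, count = raw[0], raw[1]
    authority = int.from_bytes(raw[2:8], "big")            # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:8 + 4 * count])  # little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def str_to_sid(sid: str) -> bytes:
    """Encode a string SID (used only to build the constructed sample data)."""
    parts = sid.split("-")
    subs = [int(p) for p in parts[3:]]
    return (bytes([int(parts[1]), len(subs)]) + int(parts[2]).to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def primary_gid(user: dict, groups: list):
    """Return (group name, gidNumber) of the user's primary group, or None.

    The primary group's SID is the user's domain SID with primaryGroupID
    (a RID) appended; its gidNumber is a separate attribute on that group.
    """
    domain_sid = sid_to_str(user["objectSid"]).rsplit("-", 1)[0]
    wanted = "%s-%d" % (domain_sid, user["primaryGroupID"])
    for g in groups:
        if sid_to_str(g["objectSid"]) == wanted and "gidNumber" in g:
            return g["cn"], g["gidNumber"]
    return None  # primary group has no UNIX attributes, so no usable gid

# Constructed sample entries (hypothetical domain SID and user/group RIDs).
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
USER = {"sAMAccountName": "Guilherme", "primaryGroupID": 513,
        "objectSid": str_to_sid(DOMAIN + "-1104")}
GROUPS = [
    {"cn": "Domain Users", "gidNumber": 10000,
     "objectSid": str_to_sid(DOMAIN + "-513")},
    {"cn": "it", "gidNumber": 10001,
     "objectSid": str_to_sid(DOMAIN + "-1105")},
]

if __name__ == "__main__":
    # Using the RID as the gid gives 513, which no group entry carries.
    print("primaryGroupID used as gid:", USER["primaryGroupID"])
    print("primary group resolved by SID:", primary_gid(USER, GROUPS))
```
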