[Samba] LDAP + Samba4(AD) + SSH
kolt+samba at frag.com.br
Mon Aug 24 14:09:58 UTC 2015
By "through LDAP" I meant that our linux servers would look for the users
Anyway, I was able to "fix" this by mapping gidNumber to gidNumber instead
of primaryGroupID on nslcd.conf.
uid=10000(Guilherme) gid=10001(it) grupos=10001(it)
On Fri, Aug 21, 2015 at 4:28 PM, Rowland Penny <rowlandpenny241155 at gmail.com
> On 21/08/15 20:08, Guilherme Boing wrote:
>> I want my domain users to be able to connect to our linux servers using
>> their AD username through LDAP.
> What do you mean 'through LDAP' ?
>> I am using nslcd and pam_ldap to do so, but I am having some hard time
>> trying to figure out why the GID is not working properly.
>> # getent passwd Guilherme
>> # getent group|grep 513
>> # id Guilherme
>> uid=10000(Guilherme) gid=513 grupos=513,10001(it),10000(Domain Users)
>> /etc/nslcd.conf: (bind not included)
>> filter passwd (objectClass=user)
>> filter group (objectClass=group)
>> map passwd uid sAMAccountName
>> map passwd homeDirectory unixHomeDirectory
>> map passwd gecos displayName
>> map passwd gidNumber primaryGroupID
>> map group uniqueMember member
>> I know that 513 should mean "Domain Users" from ADUC. However, "Domain
>> Users" has the "UNIX Attributes" configuration of GID=10000.
> How do you 'know' 513 should mean "Domain Users" ?
> 513 is the RID of "Domain Users" and by your own admission "Domain Users"
> has the gidNumber of 10000
> RID does not necessarily equal gidNumber
>> # getent group|grep 10000
>> Domain Users:*:10000:
>> Should I change the UNIX Attributes ID of Domain Users to 513 ?
>> What am I doing wrong ?
> You can if you so wish, but you will need to 'chgrp' anything stored on
> Unix owned by the "Domain Users" group.
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba