[Samba] samba4 as ADS member: some users visible, others not
Stefan G. Weichinger
lists at xunil.at
Tue Dec 29 16:32:02 UTC 2015
I have to add a brand new fedora 23 server with samba 4.3.3 to an
existing Windows ADS domain.
The join is OK:
# net ads testjoin
Join is OK
I use winbind as I still have to learn about sssd (and I am unsure which
one to prefer).
config (workgroup and realm edited):
workgroup = customer
realm = my.customer
server string =
security = ADS
map to guest = Bad User
username map = /etc/samba/smbusers
map untrusted to domain = Yes
load printers = No
printcap name = /dev/null
disable spoolss = Yes
template shell = /bin/bash
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nss info = rfc2307
idmap config customer:range = 10000-999999
idmap config customer:schema_mode = rfc2307
idmap config customer:backend = ad
idmap config *:range = 2000-9999
idmap config * : backend = tdb
force create mode = 0664
force directory mode = 0775
printing = bsd
level2 oplocks = No
wbinfo -g list all users and groups from ADS
getent passwd only gives me around 20 users from ADS ...
-> some users get access to shares, some not!
I assume this has to do with "idmap config customer:range" ?
How to determine the values of the max ids?
Do I have to "reset" some mappings after changing this parameter?
What else to check for?
thanks for any help on this, Stefan
More information about the samba