[Samba] UID and GID mapping throw DC and Member DC

Rowland Penny rowlandpenny at googlemail.com
Mon Mar 23 15:47:20 MDT 2015 

On 23/03/15 21:37, Jhon P wrote:
> Correct me if I'm wrong?
>
> You say that by RSAT and NIS I add a uid and gid for each user in the DC.

NO, you need to add a 'uidNumber' attribute to each user that you want 
to be visible to Unix, you also need to add a 'gidNumber' attribute to 
the groups that you want to be visible, at a minimum 'Domain Users'. 
These are the numbers that have to be inside the range set in smb.conf.

> As mentioned here:
> https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC#Check_if_RFC2307_is_used_by_your_Domain_Controllers
>
> If I do this, users are added to the passwd file on the domain 
> controller or saved to the db sam?
>

Do not add any users to /etc/passwd (via useradd) that you want to be 
domain users, your users are either domain users or local users, they 
cannot be both in a Active directory domain.


> Im go to try this tomorrow.
>
> That big problem is not provisioned with RFC2307!!!!
>
>

Yes but you have updated your AD by following the wiki page I pointed 
you at, haven't you ??

Rowland

> > Date: Mon, 23 Mar 2015 20:55:23 +0000
> > From: rowlandpenny at googlemail.com
> > To: samba at lists.samba.org
> > Subject: Re: [Samba] UID and GID mapping throw DC and Member DC
> >
> > On 23/03/15 20:28, Jhon P wrote:
> > > Question:
> > > When you add users to the ADDC the UID users are always going to be
> > > different from those obtained by the DC winbind Member?
> >
> > If you add uidNumbers & gidNumbers to users and groups you will get the
> > same ID numbers everywhere, here is an example:
> >
> > On a DC:
> >
> > root at dc01:~# getent passwd rowland
> > EXAMPLE\rowland:*:10000:10000:Rowland 
> Penny:/home/EXAMPLE/rowland:/bin/bash
> >
> > And on my laptop (a linux client):
> >
> > rowland at ThinkPad ~ $ getent passwd rowland
> > rowland:*:10000:10000::/home/rowland:/bin/bash
> >
> > >
> > > I talk about destroy the member server, because I have the freedom to
> > > do it again if necessary, this server is not in production.
> > >
> > > Regards.
> > >
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba

More information about the samba mailing list