[Samba] Man page for idmap_rid

Rowland Penny rpenny at samba.org
Tue Aug 9 18:00:03 UTC 2016


On Tue, 9 Aug 2016 14:49:37 -0300
francis picabia <fpicabia at gmail.com> wrote:

> On Tue, Aug 9, 2016 at 1:58 PM, Rowland Penny via samba <
> samba at lists.samba.org> wrote:
> 
> > On Tue, 9 Aug 2016 13:37:18 -0300
> > francis picabia <fpicabia at gmail.com> wrote:
> >
> >
> > >
> > > getent passwd username
> > >
> > > (or "theusername") is not the literal command.  I substitute
> > > 'username' here to protect the user id.
> > > getent passwd on the user does work and it returns uid and gid of
> > > 1000, exactly what we see in the /etc/passwd file.  It is the same
> > > output as grep 'username' on /etc/passwd
> > >
> > > Remember, when winbind is off, it works.  This is certainly bug
> > > 10604 by all measures.
> >
> > And I think you have just posted your problem!
> >
> > Let's use 'fred' as one of your users, replace 'fred' with a real
> > user's name
> >
> > Do you have a user called 'fred' in /etc/passwd *and* in AD ?
> >
> > If so, choose one and then delete the other, you cannot have them in
> > both.
> >
> 
> I don't think you've done this before.  Have you used security = ads?

ROFL ROFL ROFL

Can I direct you to my email address?

> 
> I have dozens of servers and hundreds of users running just fine
> with this.  Having the same user defined in both Linux and AD,
> and mapping it for authentication is the whole point.

That was the old way. If you are using AD, you do not need Unix users
in /etc/passwd and in fact, you should not have users in
both /etc/passwd and AD.
To make an AD user a Unix user, either add RFC2307 attributes to the
user's object in AD and then use the winbind 'ad' backend, or use the
'rid' backend, in which case you do not have to add anything to AD.

Can you also stop sending email directly to me and CCing the list, just
send to the list.

Rowland
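
The overlap discussed in this message (the same account name present in both /etc/passwd and AD) can be audited on a domain member before changing the idmap setup. The script below is an added example, not part of the original thread or of Samba; it assumes the AD account list was saved from `wbinfo -u`, one name per line, with the default backslash winbind separator, and the function names `find_dup_users` and `demo` are hypothetical.

```shell
#!/bin/sh
# find_dup_users PASSWD_FILE AD_USER_LIST
# Prints "name:uid" for every local passwd entry whose name also appears in
# the AD user list. AD account names are case-insensitive, so the comparison
# is done in lower case. An optional "DOMAIN\" prefix on AD names is dropped.
find_dup_users() {
    passwd_file=$1
    ad_list=$2
    awk -F: '
        NR == FNR {                      # first file: AD account names
            name = $0
            sub(/\r$/, "", name)         # tolerate CRLF line endings
            sub(/^.*\\/, "", name)       # strip "DOMAIN\" if present
            if (name != "") ad[tolower(name)] = 1
            next
        }
        /^[#+-]/ || $1 == "" { next }    # skip comments and NIS compat lines
        (tolower($1) in ad) { print $1 ":" $3 }
    ' "$ad_list" "$passwd_file"
}

# Constructed sample data so the check can be tried offline.
# On a real domain member the inputs would be, for example:
#   wbinfo -u > ad_users.txt
#   find_dup_users /etc/passwd ad_users.txt
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/sh' \
        'fred:x:1000:1000::/home/fred:/bin/sh' \
        'backup:x:34:34::/var/backups:/bin/sh' > "$tmp/passwd"
    printf '%s\n' \
        'EXAMPLE\Fred' \
        'EXAMPLE\alice' \
        'administrator' > "$tmp/ad"
    find_dup_users "$tmp/passwd" "$tmp/ad"
    rm -rf "$tmp"
}
```

Each name it reports is resolved from /etc/passwd first under the usual `passwd: files winbind` order in nsswitch.conf, so the AD account never receives its winbind-mapped ID.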
 


