[Samba] Configuration of smb.conf for Active Directory authentication
Rowland Penny
rpenny at samba.org
Fri Aug 26 21:16:32 UTC 2016
On Fri, 26 Aug 2016 19:42:46 +0000
Kyle Manel via samba <samba at lists.samba.org> wrote:
> Thanks for the feedback.
>
> With the modifications you specified I have this smb.conf, however it
> cannot be accessed?; "
> [global]
> netbios name =
> FILESERVER-001 security
> = ADS workgroup
> = CORP realm
> = CORP.INBAYTECH.COM
>
> log file
> = /var/log/samba/%m.log
> log level = 1
>
> idmap config *: backend =
> tdb idmap config *: range =
> 2000-9999
>
> idmap config CORP: backend = rid
> idmap config CORP: schema_mode = rfc2307
> idmap config CORP: range
> = 1000-9999999999
>
> template shell
> = /sbin/bash template homedir
> = /home/%U
>
> [public]
> path
> = /srv/samba/share
> public = yes guest ok
> = yes writable
> = yes "
> As for your question:
> "Why have you also added the deprecated 'idmap uid' & 'idmap gid'
> lines, they are not on the domain member wiki page." -NOTE: line 108
> of
> https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
> This stipulates; '# Just adding the following three lines is not
> enough!!' -I apologize; Without further instruction I chose to access
> the wiki and documentation:
It actually says:
# idmap config used for your domain.
# Click on the following links for more information
# on the available winbind idmap backends,
# Choose the one that fits your requirements
# then add the corresponding configuration.
# Just adding the following three lines is not enough!!
# - idmap config ad
# - idmap config rid
# - idmap_config_autorid
I thought this was descriptive enough 'Click on the following links for
more information', obviously not.
Clicking on 'idmap config rid' takes you to:
https://wiki.samba.org/index.php/Idmap_config_rid
Which explains about idmap config rid and it also says this:
# Important: The ranges of the default (*) idmap config
# and the domain(s) must not overlap!
Yours overlap.
> https://wiki.samba.org/index.php/Idmap_config_rid and
> https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2606596
> -The latter specifies IDMAP_RID with WinBind and specifies the idmap
> uid and gid as global parameters alongside this construct; You have
> now identified them as deprecated. -If there was some expectation of
> using RID exclusively, I did not read it as such, my apologies. {Now:
> -removed (as above)-}
I do wish somebody would remove the old docs, I do not think they will
ever be updated.
Rowland
More information about the samba
mailing list