[Samba] Join QNAP to a Samba AD

Rowland Penny rpenny at samba.org
Tue Dec 6 08:46:31 UTC 2016


On Tue, 06 Dec 2016 08:13:03 +0000
"contact at makz.me" <contact at makz.me> wrote:

> On Dec 5 2016, at 6:07 pm, Rowland Penny via samba
> <samba at lists.samba.org> wrote:  

> 
> > Does 'Domain users' have a gidNumber attribute containing a number
> > between '10000-999999'?
> 
> 
> No, it's an AD classicupgraded from a Samba 3 PDC.
> 
> Here's a user example from my DC 
> 
> uid=1116(MYDOM\begr00) gid=513(MYDOM\domain users) groupes=513(MYDOM\domain users),1151(MYDOM\evaluation),1214(MYDOM\procedures),12021(MYDOM\s13cadre),12041(MYDOM\s13-grh),1264(MYDOM\zsbw),1001(MYDOM\s13),3000005(BUILTIN\users)
> 
> My first user starts at uid 1001 (1000 was the administrator account
> on the S3 PDC),
> 
> and groups start at 1000. AD and the old PDC have exactly the same
> uid/gid except for specific AD builtin groups.
> 

How did you upgrade?

Whatever way you upgraded, it isn't going to work!

With lines like these in smb.conf:
idmap config MYDOM:backend = ad  
idmap config MYDOM:schema_mode = rfc2307  
idmap config MYDOM:range = 10000-999999  

Your users & groups in AD need to have uidNumber or gidNumber
attributes containing a number between 10000-999999, any number outside
this range will be ignored and therefore the user or group will be
invisible to Unix. The 'Domain Users' group MUST have a gidNumber
containing a number inside the range or ALL users will be ignored.

From what you have posted, your DOMAIN range needs to start at '500',
but this will mean that you CANNOT have any local Unix users and the
builtin range will need to start above '999999'.

Rowland
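
An added example, not part of the original message and not Samba's own code: a Python sketch of the range rule described in the reply above, applied to the smb.conf lines and the `id` output posted in the thread. It models only the in-range test; the helper name `check_idmap` and the 500-999999 range in the second call are assumptions.

```python
import re

# smb.conf lines as quoted in the reply above
SMB_CONF = """\
idmap config MYDOM:backend = ad
idmap config MYDOM:schema_mode = rfc2307
idmap config MYDOM:range = 10000-999999
"""

# `id` output from the DC as posted in the thread, rejoined onto one line
ID_OUTPUT = (
    r"uid=1116(MYDOM\begr00) gid=513(MYDOM\domain users) "
    r"groupes=513(MYDOM\domain users),1151(MYDOM\evaluation),"
    r"1214(MYDOM\procedures),12021(MYDOM\s13cadre),12041(MYDOM\s13-grh),"
    r"1264(MYDOM\zsbw),1001(MYDOM\s13),3000005(BUILTIN\users)"
)


def idmap_range(conf, domain):
    """Return (low, high) from 'idmap config DOMAIN:range = low-high'."""
    m = re.search(
        rf"^\s*idmap config {re.escape(domain)}\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)",
        conf, re.MULTILINE | re.IGNORECASE)
    if not m:
        raise ValueError(f"no idmap range configured for {domain}")
    return int(m.group(1)), int(m.group(2))


def check_idmap(id_output, conf, domain):
    """Hypothetical helper: which IDs in id_output fall outside the domain range."""
    low, high = idmap_range(conf, domain)
    # Entries look like 513(MYDOM\domain users); order is uid, gid, then groups,
    # so the localized "groupes=" label does not matter.
    found = re.findall(r"(\d+)\(([^\\()]+)\\([^)]+)\)", id_output)
    ids = [(int(n), name) for n, dom, name in found if dom.upper() == domain.upper()]
    if len(ids) < 2:
        raise ValueError(f"no uid/gid for {domain} in id output")
    (uid, _), (gid, _), groups = ids[0], ids[1], ids[2:]
    mapped = lambda n: low <= n <= high
    return {
        "range": (low, high),
        "user_mapped": mapped(uid),
        "primary_group_mapped": mapped(gid),
        "unmapped_groups": sorted({name for n, name in groups if not mapped(n)}),
    }


if __name__ == "__main__":
    print(check_idmap(ID_OUTPUT, SMB_CONF, "MYDOM"))
    # Assumed corrected range, reading the reply's suggestion to start at 500
    print(check_idmap(ID_OUTPUT, SMB_CONF.replace("10000-", "500-"), "MYDOM"))
```

The BUILTIN entry is skipped because it is not covered by the MYDOM idmap config.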






