[Samba] Join QNAP to a Samba AD
contact at makz.me
contact at makz.me
Tue Dec 6 10:05:05 UTC 2016
I've upgraded in the classic way described in the wiki
I don't have any unix users between 99 and 65534 so i think can set the range
to start from 500.
However, this still won't work :(
On Dec 6 2016, at 10:01 am, Rowland Penny via samba <samba at lists.samba.org>
> On Tue, 06 Dec 2016 08:13:03 +0000
"contact at makz.me" <contact at makz.me> wrote:
> > On Dec 5 2016, at 6:07 pm, Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> > Does 'Domain users' have a gidNumber attribute containing a number
> between '10000-999999' ?
> No it's a AD classicupgraded from a Samba 3 PDC
> Here's a user example from my DC
> uid=1116(MYDOM\begr00) gid=513(MYDOM\domain users)
> groupes=513(MYDOM\domain us
> my first user start at uid 1001 (1000 was the administrator account
> on the S3 PDC)
> and groups start at 1000, AD and old PDC have exactly the same
> uid/gid except for specific AD builtin groups.
> How did you upgrade ?
> Whatever way you upgraded, it isn't going to work!
> With lines like these in smb.conf:
idmap config MYDOM:backend = ad
idmap config MYDOM:schema_mode = rfc2307
idmap config MYDOM:range = 10000-999999
> Your users & groups in AD need to have uidNumber or gidNumber
attributes containing a number between 10000-999999, any number outside
this range will be ignored and therefore the user or group will be
invisible to Unix. The 'Domain Users' group MUST have a gidNumber
containing a number inside the range or ALL users will be ignored
> From what you have posted, your DOMAIN range needs to start at '500',
but this will mean that you CANNOT have any local Unix users and the
builtin range will need to start above '999999'
To unsubscribe from this list go to the following URL and read the
More information about the samba