[Samba] Join QNAP to a Samba AD

contact at makz.me contact at makz.me
Tue Dec 6 10:05:05 UTC 2016 

I've upgraded in the classic way described in the wiki

  

https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_domain_to_a_Samba_AD_do
main_(classic_upgrade)  

  

I don't have any unix users between 99 and 65534 so i think can set the range
to start from 500.

  

However, this still won't work :(

  

On Dec 6 2016, at 10:01 am, Rowland Penny via samba <samba at lists.samba.org>
wrote:  

> On Tue, 06 Dec 2016 08:13:03 +0000  
"contact at makz.me" <contact at makz.me> wrote:

>

> > On Dec 5 2016, at 6:07 pm, Rowland Penny via samba  
> <samba at lists.samba.org> wrote:

>

> >  
> > Does 'Domain users' have a gidNumber attribute containing a number  
> between '10000-999999' ?  
>  
>  
> No it's a AD classicupgraded from a Samba 3 PDC  
>  
> Here's a user example from my DC  
>  
> uid=1116(MYDOM\begr00) gid=513(MYDOM\domain users)  
> groupes=513(MYDOM\domain us  
>
ers),1151(MYDOM\evaluation),1214(MYDOM\procedures),12021(MYDOM\s13cadre),12041  
> (MYDOM\s13-grh),1264(MYDOM\zsbw),1001(MYDOM\s13),3000005(BUILTIN\users)  
>  
> my first user start at uid 1001 (1000 was the administrator account  
> on the S3 PDC)  
>  
> and groups start at 1000, AD and old PDC have exactly the same  
> uid/gid except for specific AD builtin groups.  
>

>

> How did you upgrade ?

>

> Whatever way you upgraded, it isn't going to work!

>

> With lines like these in smb.conf:  
idmap config MYDOM:backend = ad  
idmap config MYDOM:schema_mode = rfc2307  
idmap config MYDOM:range = 10000-999999

>

> Your users & groups in AD need to have uidNumber or gidNumber  
attributes containing a number between 10000-999999, any number outside  
this range will be ignored and therefore the user or group will be  
invisible to Unix. The 'Domain Users' group MUST have a gidNumber  
containing a number inside the range or ALL users will be ignored

>

> From what you have posted, your DOMAIN range needs to start at '500',  
but this will mean that you CANNOT have any local Unix users and the  
builtin range will need to start above '999999'

>

> Rowland

>

> \--  
To unsubscribe from this list go to the following URL and read the  
instructions: https://lists.samba.org/mailman/options/samba

More information about the samba mailing list