[Samba] Samba 4.1.17-Debian as ADS member
Stefan G. Weichinger
lists at xunil.at
Wed Feb 24 12:57:06 UTC 2016
Am 2016-02-24 um 13:44 schrieb Sketch:
> On Wed, 24 Feb 2016, Stefan G. Weichinger wrote:
> [snip]
>> idmap config CUST:range = 10000-99999
>> idmap config CUST:backend = ad
>> idmap config *:range = 2000-9999
>> idmap config * : backend = tdb
>
> If your idmap backend is ad, you need to assign your users uids (and
> gids for groups) in active directory. You don't mention if you did that
> or not. Only users/groups with uids/gids will get mapped to linux users.
In fact I didn't have any idmap-related lines in there before the
problems arised today. It worked so far!
Using "ad" backend was a step in panic today ... without any mapping, right!
I set up a test VM now, same OS and software, with
[global]
workgroup = CUST
realm = MABCD.CUST
security = ADS
load printers = No
printcap name = /dev/null
disable spoolss = Yes
template homedir = /home/%U
template shell = /sbin/bash
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind refresh tickets = Yes
idmap config CUST:range = 10000-99999
idmap config CUST:backend = rid
idmap config *:range = 2000-9999
idmap config * : backend = tdb
printing = bsd
print command = lpr -r -P'%p' %s
lpq command = lpq -P'%p'
lprm command = lprm -P'%p' %j
This *seems* to work fine now there with some test-shares ... is it
correct in general terms?
If yes, I would take this config to the production server then later
this evening.
Thanks!
More information about the samba
mailing list