[Samba] Samba 4.1.17-Debian as ADS member
Rowland Penny
rpenny at samba.org
Wed Feb 24 13:11:25 UTC 2016
On 24/02/16 12:57, Stefan G. Weichinger wrote:
> On 2016-02-24 at 13:44, Sketch wrote:
>> On Wed, 24 Feb 2016, Stefan G. Weichinger wrote:
>> [snip]
>>> idmap config CUST:range = 10000-99999
>>> idmap config CUST:backend = ad
>>> idmap config *:range = 2000-9999
>>> idmap config * : backend = tdb
>> If your idmap backend is ad, you need to assign your users uids (and
>> gids for groups) in active directory. You don't mention if you did that
>> or not. Only users/groups with uids/gids will get mapped to linux users.
> In fact I didn't have any idmap-related lines in there before the
> problems arose today. It worked so far!
>
> Using "ad" backend was a step in panic today ... without any mapping, right!
>
> I set up a test VM now, same OS and software, with
>
> [global]
> workgroup = CUST
> realm = MABCD.CUST
> security = ADS
> load printers = No
> printcap name = /dev/null
> disable spoolss = Yes
> template homedir = /home/%U
> template shell = /sbin/bash
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> winbind refresh tickets = Yes
> idmap config CUST:range = 10000-99999
> idmap config CUST:backend = rid
> idmap config *:range = 2000-9999
> idmap config * : backend = tdb
> printing = bsd
> print command = lpr -r -P'%p' %s
> lpq command = lpq -P'%p'
> lprm command = lprm -P'%p' %j
>
> This *seems* to work fine now there with some test-shares ... is it
> correct in general terms?
>
> If yes, I would take this config to the production server then later
> this evening.
>
> Thanks!
>
>
That seems to prove what Sketch said is true: you haven't got any
uidNumber or gidNumber attributes in AD. The 'rid' backend calculates
UIDs & GIDs from the user or group RID.
Rowland
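
Added example (not part of the original message and not Samba's own code): a small Python sketch that parses the `idmap config` lines posted in the thread and applies the formula documented in idmap_rid(8), ID = RID + low end of the range, to show which RIDs the CUST range can hold. The RIDs 1104 and 95000 are constructed sample values, and the deprecated `base_rid` option is assumed to be unset.

```python
import re

# idmap lines as posted in the thread above (test VM config).
SMB_CONF = """\
idmap config CUST:range = 10000-99999
idmap config CUST:backend = rid
idmap config *:range = 2000-9999
idmap config * : backend = tdb
"""

# Matches "idmap config DOMAIN : option = value", tolerating spaces around ':'.
IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*(\S+)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf):
    """Return {domain: {"backend": str, "range": (low, high)}}."""
    domains = {}
    for line in conf.splitlines():
        m = IDMAP_RE.match(line)
        if not m:
            continue
        dom, opt, val = m.group(1), m.group(2).lower(), m.group(3)
        entry = domains.setdefault(dom, {})
        if opt == "range":
            low, high = (int(x) for x in val.split("-"))
            entry["range"] = (low, high)
        else:
            entry[opt] = val
    return domains

def rid_to_unix_id(rid, id_range):
    """idmap_rid(8): ID = RID + low. Returns None if the result leaves the range."""
    low, high = id_range
    unix_id = rid + low
    return unix_id if low <= unix_id <= high else None

def max_mappable_rid(id_range):
    """Largest RID that still lands inside the configured range."""
    low, high = id_range
    return high - low

if __name__ == "__main__":
    cust = parse_idmap(SMB_CONF)["CUST"]
    print("backend:", cust["backend"], "range:", cust["range"])
    print("highest mappable RID:", max_mappable_rid(cust["range"]))
    for rid in (500, 1104, 95000):  # 500 = built-in Administrator; others constructed
        uid = rid_to_unix_id(rid, cust["range"])
        print(f"RID {rid} ->", uid if uid is not None else "outside range, not mapped")
```

An object whose RID exceeds the highest mappable value gets no Unix ID from the rid backend, so the range should be sized for the domain's RID growth before the config goes to production.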