[Samba] Samba user mapping DC <-> DC Member
Rowland Penny
rpenny at samba.org
Thu Feb 2 15:14:28 UTC 2017
On Thu, 2 Feb 2017 15:38:48 +0100
basti via samba <samba at lists.samba.org> wrote:
> Hello,
>
> I try to migrate nt4 to ad.
> And I have imported my old users to AD. The User ID starts at 1001 up
> to 7187.
>
> On the DC I see the user ID, on the member I see a wrong ID.
>
> root@ad:~# getent passwd user
> FOO\user:*:2029:513:System User:/home/FOO/user:/bin/false
>
> root@member:~# getent passwd user
> FOO\user:*:4294967295:3002:System User:/home/FOO/user:/bin/false
>
> My config on member
>
> root@member:~# cat /etc/samba/smb.conf
> [global]
> security = ADS
> workgroup = KES
> realm = KES
>
> log file = /var/log/samba/%m.log
> log level = 3
>
> # idmap config for the SAMDOM domain
> idmap config kes:backend = ad
> idmap config kes:schema_mode = rfc2307
> idmap config kes:range = 1001-999999
>
> domain master = no
> local master = no
> preferred master = no
> os level = 0
>
> winbind use default domain = yes
>
> client use spnego = yes
> client ntlmv2 auth = yes
> encrypt passwords = yes
> restrict anonymous = 2
>
> Another problem is that I only see users when "winbind use default
> domain = yes" is set.
>
> Best Regards
> basti
>
Using the same name for workgroup and realm isn't really a good idea,
you should be using something like KES.TLD and this should also be the
dns domain for your Samba domain.

You are also missing the mapping for the '*' domain.

You are not getting the users because 'Domain Users' has the gidNumber
'513' and the range for 'kes' is set to '1001-999999'.

Is there any way you can change the IDs you are using?

All in all, I think you need to go and read the Samba wiki:

https://wiki.samba.org/index.php/Main_Page

All the info is there, any questions, please ask ;-)

Rowland
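
The two idmap problems named in the reply above (no mapping for the '*' domain, and gidNumber 513 falling outside the 'kes' range) can be checked mechanically. This is an added example, not part of the original message and not Samba code; the function names `parse_idmap` and `check_idmap` are hypothetical, and the sample config is constructed from the idmap lines quoted in the thread.

```python
import re

# Constructed sample: the idmap lines from the member smb.conf quoted in the thread.
SAMPLE_CONF = """\
[global]
security = ADS
workgroup = KES
# idmap config for the SAMDOM domain
idmap config kes:backend = ad
idmap config kes:schema_mode = rfc2307
idmap config kes:range = 1001-999999
"""

# Matches "idmap config <domain> : <option> = <value>" with optional spaces.
IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*(\S+)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {DOMAIN: {option: value}} for every 'idmap config' line."""
    domains = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue  # smb.conf comment
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom.upper(), {})[opt.lower()] = val
    return domains

def check_idmap(conf_text, ids):
    """ids maps a label to (domain, uidNumber or gidNumber). Returns problem strings."""
    domains = parse_idmap(conf_text)
    ranges = {}
    for dom, opts in domains.items():
        if "range" in opts:
            lo, hi = (int(x) for x in opts["range"].split("-"))
            ranges[dom] = (lo, hi)
    problems = []
    if "*" not in domains:
        problems.append("no 'idmap config *' default domain mapping")
    names = sorted(ranges)
    for i, a in enumerate(names):  # ranges of different domains must not overlap
        for b in names[i + 1:]:
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
                problems.append(f"ranges for {a} and {b} overlap")
    for label, (dom, num) in ids.items():
        lo, hi = ranges.get(dom.upper(), (None, None))
        if lo is None or not lo <= num <= hi:
            problems.append(f"{label} ({num}) is outside the {dom} range")
    return problems
```

Calling `check_idmap(SAMPLE_CONF, {"Domain Users gidNumber": ("KES", 513), "user uidNumber": ("KES", 2029)})` reports the missing '*' mapping and the out-of-range gidNumber, while the uidNumber 2029 passes.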