[Samba] Samba user mapping DC <-> DC Member

basti mailinglist at unix-solution.de
Thu Feb 2 15:39:08 UTC 2017


I have added

idmap config * : backend = tdb
idmap config * : range = 1-512

and changed

idmap config kes:range = 512-999999

Restart winbind and there is still the same problem.


On 02.02.2017 16:14, Rowland Penny via samba wrote:
> On Thu, 2 Feb 2017 15:38:48 +0100
> basti via samba <samba at lists.samba.org> wrote:
> 
>> Hello,
>>
>> I try to migrate NT4 to AD.
>> And I have imported my old users to AD. The User ID starts at 1001 up
>> to 7187.
>>
>> On the DC I see the user ID, on the member I see a wrong ID.
>>
>> root@ad:~# getent passwd user
>> FOO\user:*:2029:513:System User:/home/FOO/user:/bin/false
>>
>> root@member:~# getent passwd user
>> FOO\user:*:4294967295:3002:System User:/home/FOO/user:/bin/false
>>
>> My config on member
>>
>> root@member:~# cat /etc/samba/smb.conf
>> [global]
>>        security = ADS
>>        workgroup = KES
>>        realm = KES
>>
>>        log file = /var/log/samba/%m.log
>>        log level = 3
>>
>> # idmap config for the SAMDOM domain
>> idmap config kes:backend = ad
>> idmap config kes:schema_mode = rfc2307
>> idmap config kes:range = 1001-999999
>>
>>   domain master = no
>>   local master = no
>>   preferred master = no
>>   os level = 0
>>
>>   winbind use default domain = yes
>>
>>   client use spnego = yes
>>   client ntlmv2 auth = yes
>>   encrypt passwords = yes
>>   restrict anonymous = 2
>>
>> Another problem is that I only see users when "winbind use default
>> domain = yes" is set.
>>
>> Best Regards
>> basti
>>
> 
> Using the same name for workgroup and realm isn't really a good idea,
> you should be using something like KES.TLD and this should also be the
> dns domain for your Samba domain.
> 
> You are also missing the mapping for the '*' domain.
> You are not getting the users because 'Domain Users' has the gidNumber
> '513' and the range for 'kes' is set to '1001-999999'.
> 
> Is there any way you can change the IDs you are using?
> 
> All in all, I think you need to go and read the Samba wiki:
> 
> https://wiki.samba.org/index.php/Main_Page
> 
> All the info is there, any questions, please ask ;-)
> 
> Rowland
> 
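
An added example, not part of either poster's message: a small Python check that reads the `idmap config` range lines from the two member configurations in this thread and reports ranges that share IDs and IDs that fall outside the domain range. The function names are hypothetical, and the sample configs and the IDs 2029 and 513 are reconstructed from the values quoted above.

```python
import re

# Matches "idmap config DOMAIN : key = value", with or without spaces around ':'.
IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*(\S+)\s*=\s*(.+?)\s*$", re.I)

# Constructed from the thread: the member's first config, then the changed one.
ORIGINAL = """
idmap config kes:backend = ad
idmap config kes:schema_mode = rfc2307
idmap config kes:range = 1001-999999
"""
CHANGED = """
idmap config * : backend = tdb
idmap config * : range = 1-512
idmap config kes:backend = ad
idmap config kes:schema_mode = rfc2307
idmap config kes:range = 512-999999
"""
# IDs mentioned in the thread (uid shown on the DC, gidNumber of Domain Users).
THREAD_IDS = {"user uidNumber": 2029, "Domain Users gidNumber": 513}

def parse_ranges(conf_text):
    """Return {DOMAIN: (low, high)} for every 'idmap config <domain>:range' line."""
    ranges = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue  # smb.conf comment line
        m = IDMAP_RE.match(line)
        if m and m.group(2).lower() == "range":
            low, high = (int(x) for x in m.group(3).split("-"))
            ranges[m.group(1).upper()] = (low, high)
    return ranges

def overlaps(ranges):
    """Return pairs of domains whose ranges share at least one ID."""
    doms = sorted(ranges)
    return [(a, b) for i, a in enumerate(doms) for b in doms[i + 1:]
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]]

def outside(ranges, domain, ids):
    """Return the names in ids ({name: number}) outside the domain's range."""
    low, high = ranges[domain.upper()]
    return sorted(name for name, value in ids.items() if not low <= value <= high)

def report(conf_text, domain="kes"):
    """Summarise one config: default '*' mapping present, overlaps, out-of-range IDs."""
    ranges = parse_ranges(conf_text)
    return {"has_default": "*" in ranges, "overlaps": overlaps(ranges),
            "outside": outside(ranges, domain, THREAD_IDS)}

if __name__ == "__main__":
    for name, conf in (("original", ORIGINAL), ("changed", CHANGED)):
        print(name, report(conf))
```

For the first config the check flags the missing `*` mapping and gidNumber 513 outside the `kes` range; for the changed config 513 is in range, but the `*` and `kes` ranges both contain ID 512, and Samba's idmap documentation requires that ranges do not overlap.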
