[Samba] id mapping
L.P.H. van Belle
belle at bazuin.nl
Mon Feb 20 12:31:57 UTC 2017
Hai,
Your ADDC and member setup is incorrect.
ADDC => https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC
https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD
( hint: remove all : idmap config lines )
Member =>
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
(hint: add the lines removed from the AD. )
And this is always wrong so correct them.
> idmap config SAMDOM:range = 1001-999999
> idmap config * : range = 3000-7999
These overlap, which is not allowed.
After the change, run: net cache flush
Restart samba and winbind
File server settings:
https://wiki.samba.org/index.php/Samba_File_Serving
and also very helpful
https://wiki.samba.org/index.php/User_Documentation
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of basti via samba
> Sent: Monday 20 February 2017 13:07
> To: samba at lists.samba.org
> Subject: [Samba] id mapping
>
> Hello,
> I have installed Samba AD.
> On AD the config looks like
>
> # Global parameters
> [global]
> netbios name = DC1
> realm = SAMDOM.EXAMPLE.COM
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbindd, ntp_signd, kcc, dnsupdate
> workgroup = SAMDOM
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
>
> # Default idmap config for local BUILTIN accounts and groups
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
>
> # idmap config for the KES domain
> idmap config SAMDOM:backend = ad
> idmap config SAMDOM:schema_mode = rfc2307
> idmap config SAMDOM:range = 1001-999999
>
> [netlogon]
> path = /var/lib/samba/sysvol/kes.carlmarie.de/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> When I use "getent passwd someuser" it returns a valid entry
> SAMDOM\someuser:*:7072:513:someuser:/home/SAMDOM/someuser:/bin/false
>
> On a domain member the smb.conf looks like
>
> security = ADS
> workgroup = SAMDOM
> realm = SAMDOM.EXAMPLE.COM
>
> log file = /var/log/samba/%m.log
> log level = 3
>
> # idmap config for the KES domain
> idmap config KES:backend = ad
> idmap config KES:schema_mode = rfc2307
> idmap config KES:range = 4000-999999
>
> winbind enum users = yes
> winbind enum groups = yes
> template homedir = /home/%D/%U
>
> template shell = /bin/bash
> client use spnego = yes
> client ntlmv2 auth = yes
> encrypt passwords = yes
> winbind use default domain = yes
> restrict anonymous = 2
>
> and "getent passwd someuser" returns different entries
>
> someuser:*:7072:4294967295:someuser:/home/SAMDOM/someuser:/bin/bash
>
> after "net cache flush" I get
>
> someuser:*:4294967295:4294967295:someuser:/home/SAMDOM/someuser:/bin/bash
>
> I read the Samba config again and again but I do not understand the
> problem above. I have imported the users from an NT4 domain and all my users
> start at uid 3000 and have a gid of 513 (Domain Users).
>
> How can I map the gid 513 to AD? I can't chown all the files on all
> fileservers in my domain.
> What's wrong there?
>