[Samba] id maping
Rowland Penny
rpenny at samba.org
Mon Feb 20 12:40:00 UTC 2017
On Mon, 20 Feb 2017 13:07:29 +0100
basti via samba <samba at lists.samba.org> wrote:
> Hello,
> I have install samba ad.
> On AD the config look like
>
>
> # Default idmap config for local BUILTIN accounts and groups
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
>
> # idmap config for the KES domain
> idmap config SAMDOM:backend = ad
> idmap config SAMDOM:schema_mode = rfc2307
> idmap config SAMDOM:range = 1001-999999
>
Remove the above lines, they shouldn't be in a DC smb.conf
>
> when I use "getent passwd someuser" it return a valid entry
> SAMDOM\someuser:*:7072:513:someuser:/home/SAMDOM/someuser:/bin/false
>
> On a domainmember the smb.conf looks like
>
> # idmap config for the KES domain
> idmap config KES:backend = ad
> idmap config KES:schema_mode = rfc2307
> idmap config KES:range = 4000-999999
>
You are missing the '*' settings
>
> and "getent passwd someuser" return different entrys
>
> someuser:*:7072:4294967295:someuser:/home/SAMDOM/someuser:/bin/bash
Well it would, Domain Users seems to have the gidNuber '513' and this
is lower than your lower domain setting '4000'
Rowland
More information about the samba
mailing list