[Samba] ADS domain member: winbind fails [SOLVED]
Stefan G. Weichinger
lists at xunil.at
Sun Jan 1 15:37:41 UTC 2017
Am 2017-01-01 um 16:04 schrieb Rowland Penny via samba:
> So it looks like you only have 77 users, but cannot have any local Unix
> users because your Unix users start at 1000. How do feel about changing
> the uidNumbers ?
feels scary and I'd like to avoid that :-)
> if so, the easiest way will be to open the AD database
> with ldbedit:
>
> ldbedit -e nano -H /usr/local/samba/private/sam.ldb
>
> Then search through the file for 'uidNumber' and then change the
> contents, I would just add a '0' after the first digit i.e. '1077'
> would become '10077'
And that won't break things??
> Remove the uidNumber that contains '0'
I just have a look via ldbedit, yes, that points to:
distinguishedName: CN=root,CN=Users,DC=arbeitsgruppe,......
> check that Domain Users has a gidNumber attribute and that it contains
> a number in the 10000 range
I doesn't have that attribute as far as I see.
Do i just add that line?
> finally change 'idmap config ARBEITSGRUPPE:range = 1000-9999' to 'idmap
> config ARBEITSGRUPPE:range = 10000-99999' and put the 'idmap config
> SAMDOM : schema_mode = rfc2307' line back.
>
> restart the Samba deamons, run 'net cache flush' again then run 'getent
> passwd sgw'
Feeling like a blind brain surgeon already ;-)
I have to prepare myself mentally :-)
>> But the group is wrong.
>>
>> # wbinfo --group-info 'domain users'
>> domain users:x:4294967295:
>>
>> What to correct here, please?
>>
>>
>
> What is in the 'user.map' ?
I followed
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Mapping_the_Domain_Administrator_Account_to_the_Local_root_User
# cat user.map
!root = ARBEITSGRUPPE\Administrator
More information about the samba
mailing list