[Samba] two domain members, different groupIDs
Rowland Penny
rpenny at samba.org
Thu Jun 22 11:10:47 UTC 2017
On Thu, 22 Jun 2017 12:56:25 +0200
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
> Am 2017-06-22 um 10:44 schrieb Rowland Penny via samba:
>
> >> Can I fix that without breaking things?
> >
> > If your users have files stored on the domain members, probably not.
>
> I understand that this just creates the need to run some
> chown/chgrp-commands after correcting smb.conf and restarting samba?
I suppose it boils down to your definition of 'breaking things' ;-)
A user suddenly getting a new ID would be a breakage for me.
Using chown will fix things.
>
> > Your 'idmap config' block on ALL Unix domain members needs to be
> > something like this:
> >
> > idmap config * : backend = tdb
> > idmap config *:range = 2000-9999
> > idmap config domain : backend = rid
> > idmap config domain : range = 10000-99999
>
> I am never sure how to specify $domain in the 2nd two settings here.
>
> In this case the Domain is called ABC.XYZ and for example:
I think you may be confusing the DNS domain with the NETBios domain
(which is also called 'WORKGROUP')
>
>
> # net ads info | grep Realm
> ABC.XYZ
>
> and in smb.conf
>
> workgroup = XYZ
> realm =ABC.XYZ
>
> and in krb5.conf
>
> default_realm = ABX.XYZ
>
> so is it ->
>
> idmap config XYZ : backend = rid
^^^ THIS ^^^
>
> or
>
> idmap config ABC.XYZ : backend = rid
^^^ NEVER THIS ^^
Rowland
More information about the samba
mailing list