[Samba] member domain idmap config ad/rid

Rowland Penny rpenny at samba.org
Tue May 30 07:20:33 UTC 2017

On Mon, 29 May 2017 19:37:44 -0300
Elias Pereira via samba <samba at lists.samba.org> wrote:

> Hello,
> If my AD will only provide service for machines with windows operating
> system I can use the *idmap config ADDC: backend = ad*, correct or
> did I get it all wrong?
> For both unix and windows machines I need *idmap config ADDC: backend
> = rid* ?

Yes, you have got it wrong ;-)

If you do not want to add anything to AD, then you use the 'rid'
backend and 'ID' numbers will be calculated for you. You will also have
to place 'template' shell & homedir lines in smb.conf

If you want/need some of your users to have different login shells or
home directories, you will need to use the 'ad' backend. This will use
the contents of attributes in AD.

Either will work equally well on windows & Unix

> Other question.
> *Wiki Prerequisites says:*
> "Users must have at least the uidNumber and groups the gidNumber
> attribute set. When using the rfc2307 winbind NSS info mode, user
> accounts must also have the loginShell, unixHomeDirectory and
> primaryGroupID set."
> I need to set manually for each user the inputs informed above?

Yes, you need to add the RFC2307 attributes manually, there is nothing
that adds them automatically.


More information about the samba mailing list