[Samba] Samba AD and NIS integration

Stephen Parry sgparry at mainscreen.com
Thu Nov 16 10:08:32 UTC 2017


Thanks for your reply Rowland.

> The id ranges are what you choose, reading this may help:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Setting_up_a_Basic_smb.conf_File
>
> > Is there any working way of controlling those ranges,
> > given idmap breaks stuff?
> What do you mean 'idmap breaks things' ?
>
Sorry, should have made it clearer that my SAMBA is configured as AD
Primary Domain Controller; according to
https://wiki.samba.org/index.php/Updating_Samba#Failure_To_Access_Shares_on_Domain_Controllers_If_idmap_config_Parameters_Set_in_the_smb.conf_File,
idmapping does not work for AD Domain Controllers. Other pages suggest
many of the winbind parameters are simply ignored and I can confirm this
is the case.

Ranges are clearly being set; if I create a user with uidNumber in the
30xxxxxx range, the user can log in to the Linux shell correctly and her
details are clearly visible in Linux using the id command. If I use a
lower uidNumber of say 3000, she can log in to Linux, but the prompt
shows "This user has no name!" and the id command fails to resolve her
uid. There are ranges there but I have no control over them. Setting the
correct domain-specific settings in smb.conf appears to have no effect. I
have tried.

> If you mean make the Unix OS know who the AD users and groups are, then
> yes.
Specifically, what I need is my Linux clients to be able to both log in
locally and also connect to NFS shares on the server, authenticating
using either LDAP or NIS, but in both cases using the same logins and
passwords as the Windows clients who will be connecting to SMB shares
using SMB protocols. So far I have the auth working just locally on the
server. If I join my win clients to the domain, I believe that will also
work, though I will try that last to avoid any catastrophes should I
need to change the domain setup. However, Linux client logins and client to
server NIS/LDAP/NFS connections are in the wind currently.

I will trawl through the wiki again later, but what I am missing is full
context. What is often not clear from the docs is whether or not what is
documented there applies to / works with my specific setup, e.g. whether
it works when you are using AD and a Samba PDC; whether it applies to
clients' local Linux logon, etc.

regards

Stephen





