[Samba] Samba AD and NIS integration
Stephen Parry
sgparry at mainscreen.com
Thu Nov 16 10:08:32 UTC 2017
Thanks for your reply Rowland.
> The id ranges are what you choose, reading this may help:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Setting_up_a_Basic_smb.conf_File
>
> > Is there any working way of controlling those ranges,
> > given idmap breaks stuff?
> What do you mean 'idmap breaks things' ?
>
Sorry, should have made it clearer that my SAMBA is configured as AD
Primary Domain Controller; according to
https://wiki.samba.org/index.php/Updating_Samba#Failure_To_Access_Shares_on_Domain_Controllers_If_idmap_config_Parameters_Set_in_the_smb.conf_File,
idmapping does not work for AD Domain Controllers. Other pages suggest
many of the winbind parameters are simply ignored and I can confirm this
is the case.
Ranges are clearly being set; if I create a user with uidNumber in the
30xxxxxx range, the user can log in to the linux shell correctly and her
details are clearly visible in linux using the id command. If I use a
lower uidNumber of say 3000, she can log in to linux, but the prompt
shows "This user has no name!" and the id command fails to resolve her
uid. There are ranges there but I have no control over them. Setting the
correct domain specific settings in smb.conf appears to have no effect. I
have tried.
> If you mean make the Unix OS know who the AD users and groups are, then
> yes.
Specifically, what I need is my Linux clients to be able to both log in
locally and also connect to NFS shares on the server, authenticating
using either LDAP or NIS, but in both cases using the same logins and
passwords as the Windows clients who will be connecting to SMB shares
using SMB protocols. So far I have the auth working just locally on the
server. If I join my win clients to the domain, I believe that will also
work, though I will try that last to avoid any catastrophes should I
need to change the domain setup. However, linux client logins client to
server NIS/LDAP/NFS connections are in the wind currently.
I will trawl through the wiki again later, but what I am missing is full
context. What is often not clear from the docs is whether or not what is
documented there applies to / works with my specific set up, e.g. whether
it works when you are using AD and a Samba PDC; whether it applies to
clients' local linux log on, etc.
regards
Stephen