[Samba] samba 4 ad member - idmap = ad for machine accounts

tomict samba at iucn.nl
Mon Nov 20 20:27:18 UTC 2017


Samba - General mailing list wrote
> On Mon, 20 Nov 2017 10:43:58 -0700 (MST)
> tomict via samba <samba at .samba> wrote:
> On Unix there are users, groups and computers, whilst on
> Windows there are users, groups and special users that are also
> computers ;-)
> 
> You posted that you have added uidNumber and gidNumber attributes to
> the users and groups, did this include 'Domain Computers' ?

Yes, "Domain Computers" and other groups as well have a GID (Group ID,
10003 in my case).


Samba - General mailing list wrote
> For the Unix OS to know about the users, it asks winbind (via NSS) and
> winbind (when using the 'ad' backend) will return data for users that
> have a uidNumber AND their primary group has a gidNumber. For the
> normal users this is Domain Users, but for computers, it is Domain
> Computers.
> 
> If 'getent passwd PC050$' doesn't return anything, then you need to
> find out why.

Indeed, getent passwd PC050$ does not return anything.
In the ADUC attribute editor it shows
sAMAccountType :  805306369 = ( MACHINE_ACCOUNT)
primaryGroupID :  515 = ( GROUP_RID_COMPUTERS )
gidNumber : not set
I understand from your question that computer network accounts should be
visible in the list of user accounts (getent passwd) and that computer
accounts must have a GID in order to 'show up'. However, I have no computers
showing up. Can I set that somewhere? I tried setting the attributes
'uid', 'gid' and 'gidNumber' with the ADUC attribute editor but that did not
result in the computer showing up in 'getent passwd'.

'getent group' does list all the groups that have a GID set, including
"Domain Computers"

Tom









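The rule quoted in this message (an account is returned only if it has a uidNumber and its primary group has a gidNumber), as an added example that is not part of the original post and is not Samba code. It assumes the primary group is resolved from primaryGroupID; the entries, names, SID and UID/GID values are constructed, apart from GID 10003, which the post mentions.

```python
# Constructed sample entries (not from a real domain); only the attributes
# relevant to the rule are modelled. 10003 is the GID mentioned in the post.
SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed domain SID

ENTRIES = [
    {"cls": "group", "name": "Domain Users", "sid": SID + "-513", "gidNumber": 10000},
    {"cls": "group", "name": "Domain Guests", "sid": SID + "-514"},
    {"cls": "group", "name": "Domain Computers", "sid": SID + "-515", "gidNumber": 10003},
    {"cls": "user", "name": "alice", "primaryGroupID": 513, "uidNumber": 10010},
    {"cls": "user", "name": "bob", "primaryGroupID": 514, "uidNumber": 10011},
    # gidNumber set on the computer object itself, but no uidNumber
    {"cls": "computer", "name": "WS01$", "primaryGroupID": 515, "gidNumber": 10003},
    {"cls": "computer", "name": "WS02$", "primaryGroupID": 515, "uidNumber": 10051},
]


def rid_of(sid):
    """The RID is the last sub-authority of the SID."""
    return int(sid.rsplit("-", 1)[1])


def check_account(account, groups_by_rid):
    """Return (visible, detail) for one user or computer account."""
    if "uidNumber" not in account:
        return False, "account has no uidNumber"
    group = groups_by_rid.get(account["primaryGroupID"])
    if group is None:
        return False, "primary group RID %d not found" % account["primaryGroupID"]
    if "gidNumber" not in group:
        return False, "primary group '%s' has no gidNumber" % group["name"]
    return True, "uid=%d gid=%d" % (account["uidNumber"], group["gidNumber"])


def report(entries):
    """Map each account name to its (visible, detail) result."""
    groups = {rid_of(e["sid"]): e for e in entries if e["cls"] == "group"}
    return {e["name"]: check_account(e, groups)
            for e in entries if e["cls"] != "group"}


if __name__ == "__main__":
    for name, (visible, detail) in report(ENTRIES).items():
        print("%-6s %-8s %s" % (name, "listed" if visible else "missing", detail))
```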