[Samba] idmap_ad overlap with domain and sub-domain overlap
wvu.hpc at gmail.com
Wed Apr 18 15:15:57 UTC 2018
Thanks Rowland ... I going to follow your guidance and push towards having
a different range for the sub domain. Much appreciate your responses!
On Wed, Apr 18, 2018 at 11:13 AM, Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Wed, 18 Apr 2018 10:52:12 -0400
> Wvu Hpc <wvu.hpc at gmail.com> wrote:
> > Hi Rowland,
> > Thanks for the help and ideally I would like to get rid of the sub
> > domain all together but that is probably not going to happen.
> > So couple comments and please forgive any of my ignorance.
> No problem.
> > For your second question, all users in the subdomain who have access
> > to the SAMBA server do have uidNumber set and it matches the
> > uidNumber set in MASTER. Since this is the case, would the
> > overlapping ranges be OK? I saw this post (
> > https://lists.samba.org/archive/samba-technical/2016-
> > and thought it might indicate it is OK but was not sure?
> Yes I know what it says there, but 'man idmap_ad' still says the ranges
> mustn't overlap (okay, is says 'disjoint', but this the same thing)
> > For 'winbind use default domain = Yes' I thought this would assume the
> > default domain for ssh logins as being the master since I have "idmap
> > config MASTER:default = yes". Appears to work as it allows users to
> > login without having to specify a domain. Although, if a user from
> > the SUB domain logs in they must specify the SUB\user to login. Is
> > that incorrect? If I remove use default = yes, users of MASTER must
> > also specify their domain during login ... at least that is how it
> > seemed during testing?
> Setting 'winbind use default domain = yes' means that all your users
> will be treated as being members of the 'MASTER' domain, now this might
> seem to work for you, but I think it is going to end in tears ;-)
> When it comes down to it, they are your domains and you can do as you
> wish, all I can say is that I would find another of doing it.
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba