[Samba] RFC2307 on AD DC
Marcio Vogel Merlone dos Santos
marcio.merlone at a1.ind.br
Wed Aug 8 13:18:51 UTC 2018
Hi all,
I am deploying a new AD DC for our network using Ubuntu 18.04 and
BIND_DLZ. All is fine but the RFC2307 attributes on DC. What's the
recommended/correct way to use RFC2307 attributes on DC? At the wiki (1)
it says:
> For example, setting up an ID mapping back end, such as ad (RFC2307)
> or rid, in the smb.conf file is not supported and can cause
> the samba service to fail
Indeed, I have set a smb.conf with idmap settings below and it stops
working after some time, with user/password errors:
[global]
dns forwarder = 192.168.0.254
netbios name = ARAUCARIA
realm = AD.A1.IND.BR
server role = active directory domain controller
workgroup = A1
server services = -dns
log file = /var/log/samba/%m.log
log level = 1
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
idmap config * : backend = tdb
idmap config * : range = 500-599
idmap config A1 :backend = ad
idmap config A1 :schema_mode = rfc2307
idmap config A1 :range = 601-65300
idmap config A1 :unix_nss_info = yes
idmap config A1 :unix_primary_group = yes
[netlogon]
path = /var/lib/samba/sysvol/ad.a1.ind.br/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
I don't want to set a winbind template, I do have rfc2307 information for
our users and would like to use them on DC but could not get it working,
can someone point me in the right direction? Is winbind the way to go,
or should I look to SSSD or LikeWise?
(1) https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC
Thanks and best regards.
--
*Marcio Merlone*
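
The wiki restriction quoted in the post, written as a lint check (an added example, not part of the original message and not Samba's own tooling): it parses an smb.conf and lists every `idmap config ... : backend` set in `[global]` when the server role is the AD DC value shown in the post. `SAMPLE_SMB_CONF` is constructed from the posted config, the function names are hypothetical, and line continuations are not handled.

```python
import re

# Constructed sample: a trimmed copy of the idmap lines from the posted smb.conf.
SAMPLE_SMB_CONF = """\
[global]
server role = active directory domain controller
idmap config * : backend = tdb
idmap config A1 :backend = ad
idmap config A1 :schema_mode = rfc2307
; idmap config OLD : backend = rid
[sysvol]
path = /var/lib/samba/sysvol
"""

DC_ROLE = "active directory domain controller"
IDMAP_BACKEND = re.compile(r"^idmapconfig(.+):backend$")


def parse_smb_conf(text):
    """Return {section: {normalized_param: value}} for an smb.conf string."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            # smb.conf ignores case and whitespace inside parameter names.
            current["".join(name.split()).lower()] = value.strip()
    return sections


def idmap_backends_on_dc(text):
    """List (domain, backend) pairs set in [global] when the role is AD DC."""
    glob = parse_smb_conf(text).get("global", {})
    role = " ".join(glob.get("serverrole", "").lower().split())
    if role != DC_ROLE:
        return []
    return [(m.group(1), v.lower()) for n, v in glob.items()
            if (m := IDMAP_BACKEND.match(n))]


if __name__ == "__main__":
    for domain, backend in idmap_backends_on_dc(SAMPLE_SMB_CONF):
        print(f"not supported on a DC: idmap config {domain} : backend = {backend}")
```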