[Samba] idmap config ad: can't resolve domain users' uids

Rowland Penny rpenny at samba.org
Fri Feb 16 11:31:48 UTC 2018


On Fri, 16 Feb 2018 12:12:32 +0100
Francesco Malvezzi via samba <samba at lists.samba.org> wrote:

> Dear experts,
> 
> I would like to set up idmap config ad. I already have the uidNumber
> attribute populated on AD.
> 
> But there is something very basic wrong with my config:

Yes, there is something wrong ;-)
See below

> 
> [global]
> 	netbios name = ADDC
> 	realm = EXAMPLE.ORG
> 	workgroup = EXAMPLEAD
> 	dns forwarder = #trimmed
> 	server role = active directory domain controller
> 	log level = 3
> 	log file = /var/log/samba/log.%m
> 	interfaces = eth0, lo
> 	bind interfaces only = Yes
> 	tls enabled  = yes
> 	tls keyfile  = /opt/samba/private/tls/addc.key
> 	tls certfile = /etc/ssl/certs/addc.pem
> 	tls cafile   = /etc/ssl/certs/DigiCertCA.crt
> 	tls verify peer = ca_only
> 	printcap name = /dev/null
> 	ldap server require strong auth = allow_sasl_over_tls
> 

Okay to here.

> 	# idmap config for the EXAMPLEAD domain
> 	idmap config EXAMPLEAD : backend = ad
> 	idmap config EXAMPLEAD : schema_mode = rfc2307
> 	idmap config EXAMPLEAD : range = 1005-999999
> 
> 	idmap config * : backend = tdb
> 	idmap config * : range = 2000000-3999999

You cannot use the above lines on a DC; they do not work!
A DC uses idmap.ldb OR the uidNumber & gidNumber attributes from AD.

What OS ?
What version of Samba ?
Packages or self compiled ?
Have you set up libnss_winbind ?

Rowland
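As an added example (not part of this thread and not Samba's own tooling), here is a small Python check that parses an smb.conf in the key/value form quoted above and reports the "idmap config" lines Rowland points out as ineffective on a DC. The sample config is constructed from the quoted one; the set of "server role" spellings treated as an AD DC is taken from Samba's loadparm and is an assumption of the example, not something stated in the thread.

```python
"""smb.conf sanity check for the mistake discussed above: 'idmap config'
backends on a Samba AD DC. Added example, not code from the thread or from
the Samba project; the sample config below is constructed."""
import re

# Constructed sample, modelled on the quoted config (trimmed to what matters).
SAMPLE_SMB_CONF = """\
[global]
\tnetbios name = ADDC
\trealm = EXAMPLE.ORG
\tworkgroup = EXAMPLEAD
\tserver role = active directory domain controller
\tlog level = 3
\t# idmap config for the EXAMPLEAD domain
\tidmap config EXAMPLEAD : backend = ad
\tidmap config EXAMPLEAD : schema_mode = rfc2307
\tidmap config EXAMPLEAD : range = 1005-999999

\tidmap config * : backend = tdb
\tidmap config * : range = 2000000-3999999
"""

# Spellings Samba's loadparm accepts for an AD DC role (assumption of this
# example: full name plus its short aliases).
AD_DC_ROLES = {"active directory domain controller", "domain controller", "dc"}

# "idmap config <DOMAIN> : <option>"; the domain may be '*' (default domain).
IDMAP_RE = re.compile(
    r"^idmap\s+config\s+(?P<domain>\S+)\s*:\s*(?P<option>\w+)$", re.IGNORECASE)


def normalize_key(key):
    """smb.conf parameter names are case-insensitive and ignore whitespace."""
    return re.sub(r"\s+", "", key).lower()


def parse_smb_conf(text):
    """Parse smb.conf text into {section: [(key, value), ...]}.

    Keys keep their original spelling so findings can quote them; compare
    them with normalize_key(). Comment lines (# or ;) and blank lines are
    skipped, and a value keeps everything after the first '='.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            continue  # stray text outside a section, or a malformed line
        key, value = (part.strip() for part in line.split("=", 1))
        sections[current].append((key, value))
    return sections


def server_role(sections):
    """Return the configured 'server role' (lower-cased), or 'auto' if unset."""
    for key, value in sections.get("global", []):
        if normalize_key(key) == "serverrole":
            return value.lower()
    return "auto"  # Samba's default when the parameter is absent


def idmap_findings(text):
    """List the 'idmap config' lines that have no effect because this is an AD DC.

    A DC does not consult 'idmap config' backends: it maps IDs through
    idmap.ldb, or through uidNumber/gidNumber attributes stored in AD.
    Returns [] for any other role, where these lines are legitimate.
    """
    sections = parse_smb_conf(text)
    if server_role(sections) not in AD_DC_ROLES:
        return []
    findings = []
    for key, value in sections.get("global", []):
        m = IDMAP_RE.match(key)
        if m:
            findings.append(
                f"ignored on a DC: idmap config {m['domain']} : {m['option']} = {value}")
    return findings


if __name__ == "__main__":
    for finding in idmap_findings(SAMPLE_SMB_CONF):
        print(finding)
```

Run against the constructed sample it reports all five idmap config lines; change the role to "member server" and it reports nothing, since on a member server those lines are exactly where the ad backend belongs.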
