[Samba] idmap config ad: can't resolve domain users' uids
francesco.malvezzi at unimore.it
Fri Feb 16 11:39:37 UTC 2018
> On Fri, 16 Feb 2018 12:12:32 +0100
> Francesco Malvezzi via samba <samba at lists.samba.org> wrote:
>> dear experts,
>> I would like to setup idmap config ad. I have already the uidNumber
>> attribute populated on AD.
>> But there is something very basic wrong with my config:
> Yes, there is something wrong ;-)
> See below
> Okay to here.
>> # idmap config for the EXAMPLEAD domain
>> idmap config EXAMPLEAD : backend = ad
>> idmap config EXAMPLEAD : schema_mode = rfc2307
>> idmap config EXAMPLEAD : range = 1005-999999
>> idmap config * : backend = tdb
>> idmap config * : range = 2000000-3999999
> You cannot use the above lines on a DC, they do not work!
> A DC uses idmap.ldb OR uidNumber & gidNumber attributes from AD
should I remove tout-court this part?
> What OS ?
Debian GNU/Linux 9 (stretch)
> What version of Samba ?
> Packages or self compiled ?
> Have you set up libnss_winbind ?
not yet, but I was aiming at sssd,
More information about the samba