[Samba] idmap config ad: can't resolve domain users' uids
Francesco Malvezzi
francesco.malvezzi at unimore.it
Fri Feb 16 11:39:37 UTC 2018
> On Fri, 16 Feb 2018 12:12:32 +0100
> Francesco Malvezzi via samba <samba at lists.samba.org> wrote:
>
>> dear experts,
>>
>> I would like to setup idmap config ad. I have already the uidNumber
>> attribute populated on AD.
>>
>> But there is something very basic wrong with my config:
>
> Yes, there is something wrong ;-)
> See below
>
[...]
>>
>
> Okay to here.
>
>> # idmap config for the EXAMPLEAD domain
>> idmap config EXAMPLEAD : backend = ad
>> idmap config EXAMPLEAD : schema_mode = rfc2307
>> idmap config EXAMPLEAD : range = 1005-999999
>>
>> idmap config * : backend = tdb
>> idmap config * : range = 2000000-3999999
>
> You cannot use the above lines on a DC, they do not work!
> A DC uses idmap.ldb OR uidNumber & gidNumber attributes from AD
should I remove tout-court this part?
>
> What OS ?
Debian GNU/Linux 9 (stretch)
> What version of Samba ?
4.7.5
> Packages or self compiled ?
self compiled
> Have you set up libnss_winbind ?
not yet, but I was aiming at sssd,
thank you,
Francesco
More information about the samba
mailing list