[Samba] idmap config ad: can't resolve domain users' uids
Rowland Penny
rpenny at samba.org
Fri Feb 16 11:58:27 UTC 2018
On Fri, 16 Feb 2018 12:39:37 +0100
Francesco Malvezzi via samba <samba at lists.samba.org> wrote:
> > On Fri, 16 Feb 2018 12:12:32 +0100
> > Francesco Malvezzi via samba <samba at lists.samba.org> wrote:
> >
> >> dear experts,
> >>
> >> I would like to setup idmap config ad. I have already the uidNumber
> >> attribute populated on AD.
> >>
> >> But there is something very basic wrong with my config:
> >
> > Yes, there is something wrong ;-)
> > See below
> >
> [...]
> >>
> >
> > Okay to here.
> >
> >> # idmap config for the EXAMPLEAD domain
> >> idmap config EXAMPLEAD : backend = ad
> >> idmap config EXAMPLEAD : schema_mode = rfc2307
> >> idmap config EXAMPLEAD : range = 1005-999999
> >>
> >> idmap config * : backend = tdb
> >> idmap config * : range = 2000000-3999999
> >
> > You cannot use the above lines on a DC, they do not work!
> > A DC uses idmap.ldb OR uidNumber & gidNumber attributes from AD
>
> should I remove tout-court this part?
Not sure I understand that, but it sounds like you are asking if you
should remove the lines, if so, the answer is yes.
>
> >
> > What OS ?
>
> Debian GNU/Linux 9 (stretch)
>
> > What version of Samba ?
>
> 4.7.5
>
> > Packages or self compiled ?
>
> self compiled
Why ? You could use the packages from Louis
>
> > Have you set up libnss_winbind ?
That is why it doesn't work ;-)
>
> not yet, but I was aiming at sssd,
>
Okay, but if you get authentication problems after installing sssd, you
should ask on the sssd-users mailing list, sssd has nothing to do with
Samba.
Rowland
More information about the samba
mailing list