[Samba] getenv does not return any AD DOMAIN users or groups - ?nsswitch is not setup for Samba?

Rowland Penny rpenny at samba.org
Mon Nov 19 09:19:06 UTC 2018

On Mon, 19 Nov 2018 03:23:29 +0000
"Barry D. Adkins via samba" <samba at lists.samba.org> wrote:

> >What is wrong with the Samba wiki, what didn't go exactly like the
> >wiki ?
> https://wiki.samba.org/index.php/Maintaining_Unix_Attributes_in_AD_using_ADUC
> Well take this wiki that I'm trying to follow to add the AD uid/gid
> to the objects.  It's helpful and confusing, but maybe because I'm
> just not informed enough.
> I got the property pages to show in AD Users & Computers, but there
> is no NIS Domain offered to select.  No guidance on that, unless I've
> done something out of sequence that would have populated that.
> It then gives this guidance to perform before you use AD U & C...
> after it has just led you down the path of using AD U & C.
> # Defining the next UID/GID number to use
> # Every time a UID/GID number is assigned using Active Directory
> Users and Computers (ADUC), the next UID/GID number is stored inside
> the Active Directory. By default, ADUC starts assigning UID and GID
> numbers at 10000.
> # If you setup a new Samba AD and want to use a different start
> value, you will need to add the counting attributes before using ADUC
> for the first time:
> # ldbedit -H /usr/local/samba/private/sam.ldb -b \
>   CN=samdom,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=samdom,DC=example,DC=com
> # msSFU30MaxUidNumber: 10000
> # msSFU30MaxGidNumber: 10000
> # With the same command you can change the values. E.g. if you
> require to start UID numbers at 20000 and GIDs at 50000, adapt the
> values to your requirements:
> # msSFU30MaxUidNumber: 20000
> # msSFU30MaxGidNumber: 50000
> I don't seem to find an "ldb" file anywhere and since we are using an
> AD Domain, perhaps there shouldn't be one.
> I wouldn't have gone looking for an "ldb" file except for this wiki.
> I'll continue to rummage around trying to figure out how to get an
> entry to choose for the NIS Domain, although I'm not sure what it
> should be.  I would guess it would be the same name as the AD Domain
> Name.  Looking over the above ldbedit command it seems like it will
> create an entry of samdom.example.com  or in my case would be
> samdom.domain.com  but is that what we really want/need to do?
> Barry

Reading all of the above a few questions spring to mind:

What is the AD DC ?

If it is a Windows DC, is 'IDMU' installed (also known as 'services for
Unix') ?

If it is a Samba DC, did you provision with '--use-rfc2307' ?

