[Samba] How to set same UID and GID for ADDC server and all Member server

Dario Lesca d.lesca at solinos.it
Thu Nov 22 16:37:19 UTC 2018 

Il giorno gio, 22/11/2018 alle 13.46 +0000, Rowland Penny via samba ha
scritto:
> I do hope this is a test domain, using the standard fedora packages
> fora DC is considered experimental

Yes, for now is a test domain, but, if it works great, why do not used
it in a production environment?

Why the DC Fedora Package  is considered experimental?

The last samba version is 4.9.2, Fedora Team have rebuild this versione
and I have install this version ... without install compiler tools on
my AD-DC

> > Or set a specific UID/GID to all user/group?
> 
> Yes, it is called using rfc2307 attributes, add uidNumber &
> gidNumberattributes to AD and then use the winbind 'ad' backend on
> the Unixdomain members.
> See here for more info:
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Ok, thanks, I forgot on member server to set rfc2307, and set the type
of winbind backend to use.
In fact, I do not need have on the DC the same IDs of members servers I
will only use the Samba AD DC for authentication and will not store
data on it or log into it
Then I set the backend to 'rid' and I keep on every Unix domain member
the same range ID.
Now the [global] of my smb.conf is
# Global parameters[global]        printcap name = cups        realm =
DOM.LOC        security = ADS        template homedir =
/u/samba/home/%U        template shell = /bin/bash        winbind enum
groups = Yes        winbind enum users = Yes        winbind offline
logon = Yes        winbind use default domain = Yes        workgroup =
DOM        rpc_daemon:spoolssd = fork        rpc_server:spoolss =
external        idmap config dom:backend = rid        idmap config
dom:range = 1000000-3000000        idmap config dom:schema_mode =
rfc2307        idmap config * : range = 10000-99999        idmap config
* : backend = tdb        cups options = raw
It's correct?In this way, I do not must set add uidNumber & gidNumber
on AD ... right?
Many thanks  

-- 
Dario Lesca
(inviato dal mio Linux Fedora 28 Workstation)

More information about the samba mailing list