[Samba] Samba v3 works with LDAP, but not Samba v4

Andrew Bartlett abartlet at samba.org
Wed Oct 17 17:36:01 UTC 2018


On Wed, 2018-10-17 at 06:17 -0700, Emil Henry via samba wrote:
> Hi Andrew!
> 
> > The user 'johndoe' seems to be rejected because it has the wrong SID.
> > 
> > It is the group in this case, we changed the rules to make them
> > stricter a while back, the primary group needs a group mapping entry
> > matching the SID of the standalone server.
> > 
> 
> How would I match the Primary Group without breaking the existing Samba
> server that connects to this LDAP server? That samba server does not belong
> to me, and may stay at v3 for a while longer.

G'Day Emil,

I asked at the start of this if you had any other Samba servers talking
to this LDAP backend.  Clearly we have miscommunicated.

Your configuration is not supported.  One 'domain' per LDAP backend is
the rule.

Each standalone server is a domain of itself.  The only way to share a
backend is to make all servers that use the backend be NT4-like DCs of
the same domain.

You will need to work with the owner of the other Samba server to
resolve this.  Ideally you would upgrade to Samba's AD DC and make both
file servers domain members, but as Rowland mentions this can be a long
and difficult process depending on what else depends on this LDAP
server.

Sorry,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
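
Added example (not part of the message above and not Samba code): a Python sketch of the rule as stated in the thread, that a user's primary group needs a group mapping entry whose SID matches the standalone server's own SID. It assumes the entries were already exported from LDAP as dictionaries keyed by the Samba schema attributes sambaSID and sambaPrimaryGroupSID; every SID, user and group below is constructed, and the helper names are hypothetical.

```python
# Added illustration, not Samba code. Every SID and entry below is constructed.
LOCAL = "S-1-5-21-1000000001-1000000002-1000000003"  # assumed SID of this server
OTHER = "S-1-5-21-2000000001-2000000002-2000000003"  # assumed SID of the other server


def domain_of(sid):
    """Split off the final RID and return the domain part of a SID."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError(f"malformed SID: {sid!r}")
    return "-".join(parts[:-1])


def check_primary_groups(local_sid, users, group_maps):
    """Return (uid, reason) for each user whose primary group fails the rule."""
    mapped = {g["sambaSID"] for g in group_maps}  # SIDs that have a group mapping
    findings = []
    for u in users:
        pg = u["sambaPrimaryGroupSID"]
        if domain_of(pg) != local_sid:
            findings.append((u["uid"], "primary group SID is from another domain"))
        elif pg not in mapped:
            findings.append((u["uid"], "no group mapping entry for primary group SID"))
    return findings


# Constructed sample of a backend shared by two standalone servers.
USERS = [
    {"uid": "johndoe", "sambaSID": OTHER + "-3000", "sambaPrimaryGroupSID": OTHER + "-513"},
    {"uid": "alice", "sambaSID": LOCAL + "-3002", "sambaPrimaryGroupSID": LOCAL + "-513"},
    {"uid": "bob", "sambaSID": LOCAL + "-3004", "sambaPrimaryGroupSID": LOCAL + "-1201"},
]
GROUP_MAPS = [
    {"cn": "users-local", "sambaSID": LOCAL + "-513"},
    {"cn": "users-other", "sambaSID": OTHER + "-513"},
]

if __name__ == "__main__":
    for server, sid in (("this server", LOCAL), ("other server", OTHER)):
        for uid, reason in check_primary_groups(sid, USERS, GROUP_MAPS):
            print(f"{server}: {uid}: {reason}")
```

Running the check once per server SID shows why the backend cannot be shared: an entry that passes for one standalone server fails for the other.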




