[Samba] idmap config ad
Sonic
sonicsmith at gmail.com
Mon Jan 28 14:10:58 UTC 2019
Trying to use the idmap config ad on a domain member. The AD is an
actual Windows server and when logged in the AD server running ADUC
the NIS domain field on the UNIX attributes tab only shows a dash and
is cannot be changed.
Domain member is RHEL 7.6 running Samba 4.8.3.
Pertinent part of smb.conf:
=====================================
[global]
security = ADS
workgroup = MYDOMAIN
realm = MYDOMAIN.LOCAL
server string = mydomain
kerberos method = secrets and keytab
winbind refresh tickets = yes
idmap config * : backend = tdb
idmap config * : range = 3000-8999
idmap config MYDOMAIN : backend = ad
idmap config MYDOMAIN : schema_mode = rfc2307
idmap config MYDOMAIN : range = 10000-99999
idmap config MYDOMAIN : unix_nss_info = yes
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
=====================================
The documentation seems to strictly point to using a Samba AD with the
RSAT utility and here we're logged right on to the Windows AD using
the native ADUC application.
Thanks for any assistance!
Chris
More information about the samba
mailing list