[Samba] idmap config ad

Sonic sonicsmith at gmail.com
Mon Jan 28 14:10:58 UTC 2019


Trying to use the idmap config ad on a domain member. The AD is an
actual Windows server and when logged in the AD server running ADUC
the NIS domain field on the UNIX attributes tab only shows a dash and
is cannot be changed.

Domain member is RHEL 7.6 running Samba 4.8.3.

Pertinent part of smb.conf:
=====================================
[global]
        security = ADS
        workgroup = MYDOMAIN
        realm = MYDOMAIN.LOCAL
        server string = mydomain

        kerberos method = secrets and keytab
        winbind refresh tickets = yes

        idmap config * : backend = tdb
        idmap config * : range = 3000-8999
        idmap config MYDOMAIN : backend = ad
        idmap config MYDOMAIN : schema_mode = rfc2307
        idmap config MYDOMAIN : range = 10000-99999
        idmap config MYDOMAIN : unix_nss_info = yes

        vfs objects = acl_xattr
        map acl inherit = yes
        store dos attributes = yes
=====================================

The documentation seems to strictly point to using a Samba AD with the
RSAT utility and here we're logged right on to the Windows AD using
the native ADUC application.

Thanks for any assistance!

Chris



More information about the samba mailing list