[Samba] idmap config ad
Rowland Penny
rpenny at samba.org
Thu Jan 31 17:00:47 UTC 2019
On Thu, 31 Jan 2019 11:42:35 -0500
Sonic <sonicsmith at gmail.com> wrote:
> On Mon, Jan 28, 2019 at 9:28 AM Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> > Does Domain Users have a gidNumber attribute containing a number
> > inside the 10000-99999' range ?
> >
> > Do any Active directory groups have such a gidNumber ?
>
> Hi Rowland,
>
> Not at this time, I didn't know that had to be assigned first.
Yes it does, if you use the winbind 'ad' backend, you MUST add rfc2307
attributes to users & groups in AD, they are never added automatically.
>
> However, that brings up another question. There's an application that
> both AD authenticated Samba users and non-AD users need to run where
> both sets of users need to have the same primary group membership. Is
> this possible with Winbind? Or possibly sssd if not?
>
> Thanks,
>
> Chris
I think this all depends on what you mean by 'non-AD users'.
If you are referring to local Unix users and AD users having the same
primary group, then this is never going to work. I think you need to
expand on just what you are trying to do and how.
Rowland
More information about the samba
mailing list