[Samba] idmap config ad
rpenny at samba.org
Thu Jan 31 17:00:47 UTC 2019
On Thu, 31 Jan 2019 11:42:35 -0500
Sonic <sonicsmith at gmail.com> wrote:
> On Mon, Jan 28, 2019 at 9:28 AM Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> > Does Domain Users have a gidNumber attribute containing a number
> > inside the 10000-99999' range ?
> > Do any Active directory groups have such a gidNumber ?
> Hi Rowland,
> Not at this time, I didn't know that had to be assigned first.
Yes it does, if you use the winbind 'ad' backend, you MUST add rfc2307
attributes to users & groups in AD, they are never added automatically.
> However, that brings up another question. There's an application that
> both AD authenticated Samba users and non-AD users need to run where
> both sets of users need to have the same primary group membership. Is
> this possible with Winbind? Or possibly sssd if not?
I think this all depends on what you mean by 'non-AD users'.
If you are referring to local Unix users and AD users having the same
primary group, then this is never going to work. I think you need to
expand on just what you are trying to do and how.
More information about the samba