[Samba] idmaps, again
Stefan G. Weichinger
lists at xunil.at
Fri Mar 22 15:11:58 UTC 2019
Am 22.03.19 um 11:43 schrieb Stefan G. Weichinger via samba:
> Am 22.03.19 um 11:01 schrieb Rowland Penny via samba:
>
>>> Would the users itself need some editing as well (inside LDAP/AD)?
>>
>> This is really up to you, you could, if you so wish, remove all the
>> rfc2307 attributes from AD, or you could just ignore them.
>
> nice. sounds like my weekend project ;-) *sigh*
>
> thanks a lot ... will check my backups asap
change is through, my tests look good to me
I now run on the DM server:
# samba-tool testparm
[global]
dedicated keytab file = /etc/krb5.keytab
interfaces = bond0
kerberos method = secrets and keytab
log file = /var/log/samba/%m.log
log level = 2
printcap name = /dev/null
realm = ARBEITSGRUPPE.MY-TLD.AT
security = ADS
template homedir = /mnt/samba/Daten/%U
template shell = /bin/bash
username map = /etc/samba/user.map
winbind nss info = template
winbind refresh tickets = Yes
winbind use default domain = Yes
workgroup = ARBEITSGRUPPE
idmap config arbeitsgruppe:schema_mode = rfc2307
idmap config arbeitsgruppe:unix_nss_info = yes
idmap config arbeitsgruppe:range = 10000-999999
idmap config arbeitsgruppe:backend = rid
idmap config * : range = 2000-3999
idmap config * : backend = tdb
map acl inherit = Yes
store dos attributes = Yes
vfs objects = acl_xattr
I maybe even will reduce the range down to "10000-11000" or so ... only
<100 users there for the next years.
More information about the samba
mailing list