[Samba] security = ads parameter not working in samba 4.9.5
Rowland penny
rpenny at samba.org
Wed Nov 27 12:29:22 UTC 2019
On 27/11/2019 11:03, Sérgio Basto via samba wrote:
> Sorry I meant man idmap_ad. But checking again man is equal of
> https://wiki.samba.org/index.php/Idmap_config_ad in EXAMPLES of man
> page [1]
>
> Examples don't mention netbios name ... I did [2] which instead use
> workgroup I used netbios name and it is working but still don't know
> why or even if it correct .
You do not need to set 'netbios name', it will be set for you from the
hostname
>
>
>
> [2]
> [global]
> netbios name = REPO
> security = ADS
> workgroup = SAMDOM
> realm = SAMDOM.EXAMPLE.COM
>
> winbind use default domain = yes
>
> idmap config * : backend = tdb
> idmap config * : range = 1000000-1999999
>
> idmap config REPO : backend = ad
> idmap config REPO : schema_mode = rfc2307
> idmap config REPO : range = 10000-999999
> idmap config REPO : unix_nss_info = yes
You need to use the workgroup name, not the netbios name. There will be
three domains on your Unix domain member:
BUILTIN : Mostly used for the Well Known SIDs
SAMDOM : Your AD domain
REPO : a local domain and not really relevant
> vfs objects = acl_xattr
> map acl inherit = yes
> store dos attributes = yes
>
> template shell = /bin/false
> template homedir = /srv/samba/users/%U
> username map = /var/lib/samba/user.map
>
>
>
> [1]
> EXAMPLES
> The following example shows how to retrieve idmappings from our
> principal and trusted AD domains. If trusted domains are present id
> conflicts must be resolved beforehand, there is no guarantee on
> the order conflicting mappings would be resolved at this point.
> This example also shows how to leave a small non conflicting
> range for local id allocation that may be used in internal backends
> like BUILTIN.
>
> [global]
> workgroup = CORP
>
> idmap config * : backend = tdb
> idmap config * : range = 1000000-1999999
>
> idmap config CORP : backend = ad
> idmap config CORP : range = 1000-999999
Rowland
More information about the samba
mailing list