[Samba] security = ads parameter not working in samba 4.9.5

Rowland penny rpenny at samba.org
Wed Nov 27 15:51:21 UTC 2019


On 27/11/2019 15:30, Sérgio Basto wrote:
> On Wed, 2019-11-27 at 12:29 +0000, Rowland penny via samba wrote:
>> On 27/11/2019 11:03, Sérgio Basto via samba wrote:
>>> Sorry I meant man idmap_ad. But checking again man is equal of
>>> https://wiki.samba.org/index.php/Idmap_config_ad in EXAMPLES of man
>>> page [1]
>>>    
>>> Examples don't mention netbios name ... I did [2] which instead use
>>> workgroup I used netbios name and it is working but still don't know
>>> why or even if it is correct.
>> You do not need to set 'netbios name', it will be set for you from the
>> hostname
>>>
>>> [2]
>>> [global]
>>>       netbios name = REPO
>>>       security = ADS
>>>       workgroup = SAMDOM
>>>       realm = SAMDOM.EXAMPLE.COM
>>>
>>>       winbind use default domain = yes
>>>
>>>       idmap config * : backend = tdb
>>>       idmap config * : range = 1000000-1999999
>>>      
>>>       idmap config REPO : backend = ad
>>>       idmap config REPO : schema_mode = rfc2307
>>>       idmap config REPO : range = 10000-999999
>>>       idmap config REPO : unix_nss_info = yes
>> You need to use the workgroup name, not the netbios name. There will be
>> three domains on your Unix domain member:
>>
>> BUILTIN : Mostly used for the Well Known SIDs
>>
>> SAMDOM : Your AD domain
>>
>> REPO : a local domain and not really relevant
>
> Hi, many thanks for the reply and it started to work but I had to use realm
>
>       security = ADS
>       workgroup = SAMDOM
>       realm = SAMDOM.LOCAL
>       idmap config * : backend = tdb
>       idmap config * : range = 1000000-1999999
>     
>       idmap config SAMDOM.LOCAL : backend = ad
>       idmap config SAMDOM.LOCAL : schema_mode = rfc2307
>       idmap config SAMDOM.LOCAL : range = 10000-999999
>       idmap config SAMDOM.LOCAL : unix_nss_info = yes

You have something mis-configured somewhere, it MUST be workgroup, not 
realm.

Please download this:

https://github.com/thctlo/samba4/blob/master/samba-collect-debug-info.sh

Run it on the Unix domain member and paste the output into a post, do not 
attach it, this list strips attachments.

Rowland
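
The rule stated in the reply above (the `idmap config` domain must be the workgroup, not the realm or the netbios name) can be checked mechanically. The following is an added example, not part of the original message or of Samba's own code; `parse_global`, `check_idmap`, the problem labels and the sample configuration are constructed for illustration, and the `hostname` argument is an assumption standing in for the machine's host name when `netbios name` is unset.

```python
import re

# Constructed sample, modelled on the [global] blocks quoted in the thread.
TEMPLATE = """\
[global]
    netbios name = REPO
    security = ADS
    workgroup = SAMDOM
    realm = SAMDOM.EXAMPLE.COM
    idmap config * : backend = tdb
    idmap config * : range = 1000000-1999999
    idmap config {dom} : backend = ad
    idmap config {dom} : schema_mode = rfc2307
    idmap config {dom} : range = 10000-999999
"""

def parse_global(text):
    """Return {parameter: value} for [global]; names lowercased, spaces collapsed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check_idmap(text, hostname=""):
    """Return (domain, problem) pairs for 'idmap config' domains in [global]."""
    p = parse_global(text)
    workgroup = p.get("workgroup", "").upper()
    realm = p.get("realm", "").upper()
    # Unset 'netbios name' falls back to the host name (hostname is caller-supplied).
    local = (p.get("netbios name") or hostname.split(".")[0]).upper()
    domains = {m.group(1).upper() for key in p
               if (m := re.fullmatch(r"idmap config (\S+) ?: ?.+", key))}
    findings = []
    for dom in sorted(domains - {"*", workgroup}):
        problem = "realm" if dom == realm else "netbios-name" if dom == local else "unknown"
        findings.append((dom, problem))
    if workgroup and workgroup not in domains:
        findings.append((workgroup, "missing"))  # AD domain falls to the '*' default
    return findings

if __name__ == "__main__":
    for dom in ("REPO", "SAMDOM.EXAMPLE.COM", "SAMDOM"):
        print(dom, check_idmap(TEMPLATE.format(dom=dom)))
```

A "missing" finding means the workgroup has no `idmap config` lines of its own, so its users and groups are handled by the `*` default backend and range.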




