[Samba] Samba AD-DC idmap config
John Redmond
barkingdoggy at gmail.com
Wed Oct 16 15:06:06 UTC 2019
Following the guidance here,
https://wiki.samba.org/index.php/Idmap_config_ad, I added idmap lines to my
smb.conf file on my Samba 4.7 AD-DC server on Ubuntu 18.04. Samba no
longer starts and testparm reports that the idmap ranges for the default *
domain and the AD domain are overlapping. Here's my smb.conf file (FWIW,
if I don't comment security = ADS, server role is set to Member Server):
# Global parameters
[global]
dns forwarder = 8.8.8.8
netbios name = DC0
realm = SAMDOM.COM
server role = active directory domain controller
workgroup = SAMDOM
# Global parameters from
https://wiki.samba.org/index.php/Idmap_config_ad#Advantages_and_Disadvantages_of_the_ad_Back_End
# security = ADS
log file = /var/log/samba/%m.log
log level = 1
# Default ID mapping configuration for local BUILTIN accounts
# and groups on a domain member. The default (*) domain:
# - must not overlap with any domain ID mapping configuration!
# - must use a read-write-enabled back end, such as tdb.
idmap config * : backend = tdb
idmap config * : range = 3000-7999
# - You must set a DOMAIN backend configuration
# idmap config for the SAMDOM domain
idmap config LAN:backend = ad
idmap config LAN:schema_mode = rfc2307
idmap config LAN:range = 10000-999999
idmap config LAN:unix_nss_info = yes
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
[netlogon]
path = /var/lib/samba/sysvol/lsamdom.com/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
End of file.
I'm trying to get this working in order to be able to implement a Samba file
server joined to the domain, which AD users will access with winbind.
Thanks.
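
An added example, not part of the original post and not testparm's own logic: a plain numeric check of the idmap ranges in the smb.conf above, which also lists idmap domain names that differ from the configured workgroup. The function names and the embedded sample are constructed for illustration.

```python
import re
from itertools import combinations

# Constructed sample: the idmap-related lines of the smb.conf in the post.
SAMPLE_CONF = """\
[global]
workgroup = SAMDOM
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config LAN:backend = ad
idmap config LAN:schema_mode = rfc2307
idmap config LAN:range = 10000-999999
idmap config LAN:unix_nss_info = yes
"""

IDMAP_RE = re.compile(r"^idmap config\s+(\S+?)\s*:\s*([^=]+?)\s*=\s*(.+)$", re.I)

def parse_idmap(conf_text):
    """Return (workgroup, {domain: {option: value}}) from smb.conf text."""
    workgroup, domains = None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = (g.strip() for g in m.groups())
            domains.setdefault(dom.upper(), {})[opt.lower()] = val
        elif line.lower().startswith("workgroup"):
            workgroup = line.partition("=")[2].strip().upper()
    return workgroup, domains

def check_idmap(conf_text):
    """Return findings: missing ranges, overlapping ranges, unmatched domains."""
    workgroup, domains = parse_idmap(conf_text)
    ranges, findings = [], []
    for dom, opts in domains.items():
        if "range" not in opts:
            findings.append(f"{dom}: no range set")
            continue
        low, high = (int(x) for x in opts["range"].split("-", 1))
        ranges.append((low, high, dom))
        if dom != "*" and workgroup and dom != workgroup:
            findings.append(f"{dom}: differs from workgroup {workgroup}")
    # After sorting by low bound, two ranges overlap when the later one starts
    # at or below the earlier one's high bound.
    for (lo1, hi1, d1), (lo2, hi2, d2) in combinations(sorted(ranges), 2):
        if lo2 <= hi1:
            findings.append(f"{d1} {lo1}-{hi1} overlaps {d2} {lo2}-{hi2}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_idmap(SAMPLE_CONF)) or "no findings")
```

On the configuration as posted, this finds no numeric overlap between 3000-7999 and 10000-999999, and it reports that the idmap lines name LAN while the workgroup is SAMDOM.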