[Samba] Using net ads user to get child domain users on Samba 4.10.7
Rowland penny
rpenny at samba.org
Wed Sep 11 07:04:12 UTC 2019
On 11/09/2019 03:10, Jeremy via samba wrote:
> Hi Rowland,
>
> My smb.conf is showing below:
>
> server string = "Samba Server"
> security = ADS
> realm = QSAN.AD.COM
> workgroup = QSAN
> encrypt passwords = Yes
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind cache time = 1800
> idmap config * : backend = tdb
> idmap config * : range = 1000000-5000000
> idmap config QSAN : backend = rid
> idmap config QSAN : range = 6000000-8000000
> idmap config QSAN : base_rid = 0
> template shell = /bin/sh
> template homedir = /share/UserHome/%D+%U
>
> Did i miss something? Could i ask how to get child domains users using
> "net" correctly?
> By the way, both of my AD servers are Windows server 2012
>
If by 'child domain' you mean that you have two domains 'QSAN' and
'HARDWARE', then 'HARDWARE' is never going to be known by 'QSAN' unless
it is a trusted domain and you add something like this to your smb.conf:
idmap config HARDWARE : backend = rid
idmap config HARDWARE : range = 9000000-10000000
Rowland
More information about the samba
mailing list