[Samba] AD Users on Linux Laptop

L.P.H. van Belle belle at bazuin.nl
Thu Jul 9 10:05:10 UTC 2020 

Ahha, perfect, nice. 

So per example. ( from my setup ) 
 idmap config *:range = 2000-9999
 idmap config SAMDOM : range = 10000-3999999 

And if i understanded it right we should use 10000 

Can you try this : 

sed -i "s/pam_krb5.so minimum_uid=1000/pam_krb5.so minimum_uid=$(grep range /etc/samba/smb.conf|grep -v \* |cut -d"=" -f2 | cut -d"-" -f1|cut -c2-10000000000)/g" /usr/share/pam-configs/krb5
pam-auth-update

Looks good to me. 
Or we could try to change requered to sufficient in /usr/share/pam-configs/krb5 
Still reading a bit on this part. 

:-) 

Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Rowland penny via samba
> Verzonden: donderdag 9 juli 2020 11:27
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] AD Users on Linux Laptop
> 
> On 09/07/2020 09:50, L.P.H. van Belle via samba wrote:
> > Hai Rowland,
> >
> > Maybe i didnt understand your reply that well, but why 
> would you change it.
> >
> > All (linux) users have  minimum_uid=1000 and start at 1000.
> > All (windows) users (samba) are above  minimum_uid=1000
> >
> > So in my optinion, you should not be needed to change this.
> > Unless your users start below 1000.
> >
> > Also cat /etc/adduser.conf shows ( For Debian/Buster )
> >
> > # FIRST_[GU]ID to LAST_[GU]ID inclusive is the range of 
> UIDs of dynamically
> > # allocated user accounts/groups.
> > FIRST_UID=1000
> > LAST_UID=29999
> >
> > FIRST_GID=1000
> > LAST_GID=29999
> >
> > If you can give me an example when its not working, ill 
> have look at it..
> 
> OK, if you use 1000 and try to change the password for a 
> local Unix user 
> (not to be confused with a domain Unix user), you get this:
> 
> pi at raspberrypi:~ $ sudo passwd adminuser
> Current Kerberos password:
> 
> But if you use the low range number instead of '1000', you get:
> 
> pi at raspberrypi:~ $ sudo passwd adminuser
> Enter new password:
> 
> Rowland
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list