[Samba] map gidNumber
basti
mailinglist at unix-solution.de
Thu Jul 23 13:07:51 UTC 2020
hello,
is there a way to map usergroups via winbind?
I need 'getent passwd':
testuser:x:7072:513::/home/users/testuser:/bin/bash
but I get:
testuser:x:7072:30000::/home/users/testuser:/bin/bash
gidNumber is set to 513 in samba-ldap.
cat /etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
cat /etc/samba/smb.conf
[global]
security = ADS
workgroup = SAMDOM
realm = SAMDOM.EXAMPLE.COM
log file = /var/log/samba/%m.log
log level = 1
winbind refresh tickets = Yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind use default domain = yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
# Default ID mapping configuration for local BUILTIN accounts
# and groups on a domain member. The default (*) domain:
# - must not overlap with any domain ID mapping configuration!
# - must use an read-write-enabled back end, such as tdb.
idmap config * : backend = tdb
idmap config * : range = 1000-2000
# idmap config for the SAMDOM domain
idmap config SAMDOM:backend = ad
idmap config SAMDOM:schema_mode = rfc2307
idmap config SAMDOM:range = 2001-999999
idmap config SAMDOM:unix_nss_info = yes
template homedir = /home/users/%U
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
winbind use default domain = yes
restrict anonymous = 2
# fix dfs error's in log ?
host msdfs = no
More information about the samba
mailing list