[Samba] map gidNumber

basti mailinglist at unix-solution.de
Thu Jul 23 13:07:51 UTC 2020


hello,
is there a way to map usergroups via winbind?

I need 'getent passwd':
testuser:x:7072:513::/home/users/testuser:/bin/bash

but I get:
testuser:x:7072:30000::/home/users/testuser:/bin/bash

gidNumber is set to 513 in samba-ldap.


cat /etc/nsswitch.conf
passwd:         compat winbind
group:          compat winbind


cat /etc/samba/smb.conf
[global]
       security = ADS
       workgroup = SAMDOM
       realm = SAMDOM.EXAMPLE.COM

       log file = /var/log/samba/%m.log
       log level = 1

       winbind refresh tickets = Yes
       dedicated keytab file = /etc/krb5.keytab
       kerberos method = secrets and keytab
       winbind use default domain = yes

       load printers = no
       printing = bsd
       printcap name = /dev/null
       disable spoolss = yes

       # Default ID mapping configuration for local BUILTIN accounts
       # and groups on a domain member. The default (*) domain:
       # - must not overlap with any domain ID mapping configuration!
       # - must use an read-write-enabled back end, such as tdb.
       idmap config * : backend = tdb
       idmap config * : range = 1000-2000

       # idmap config for the SAMDOM domain
       idmap config SAMDOM:backend = ad
       idmap config SAMDOM:schema_mode = rfc2307
       idmap config SAMDOM:range = 2001-999999
       idmap config SAMDOM:unix_nss_info = yes

       template homedir = /home/users/%U
       template shell = /bin/bash

       client use spnego = yes
       client ntlmv2 auth = yes
       encrypt passwords = yes
       winbind use default domain = yes
       restrict anonymous = 2

       # fix dfs error's in log ?
       host msdfs = no



More information about the samba mailing list