[Samba] map gidNumber
Rowland penny
rpenny at samba.org
Thu Jul 23 13:23:44 UTC 2020
On 23/07/2020 14:07, basti via samba wrote:
> hello,
> is there a way to map usergroups via winbind?
>
> I need 'getent passwd':
> testuser:x:7072:513::/home/users/testuser:/bin/bash
>
> but I get:
> testuser:x:7072:30000::/home/users/testuser:/bin/bash
>
> gidNumber is set to 513 in samba-ldap.
>
> cat /etc/samba/smb.conf
> [global]
> # Default ID mapping configuration for local BUILTIN accounts
> # and groups on a domain member. The default (*) domain:
> # - must not overlap with any domain ID mapping configuration!
> # - must use an read-write-enabled back end, such as tdb.
> idmap config * : backend = tdb
> idmap config * : range = 1000-2000
>
> # idmap config for the SAMDOM domain
> idmap config SAMDOM:backend = ad
> idmap config SAMDOM:schema_mode = rfc2307
> idmap config SAMDOM:range = 2001-999999
> idmap config SAMDOM:unix_nss_info = yes
You are never going to get '513' to show as the users primary group ID,
because it is less than the lower DOMAIN range you have set in smb.conf.
Any uidNumber or gidNumber attributes containing a number less than
'2001' will be ignored, I am still trying to understand where the
'30000' came from ?
Rowland
More information about the samba
mailing list