[Samba] map gidNumber
basti
mailinglist at unix-solution.de
Thu Jul 23 13:29:41 UTC 2020
On 23.07.20 15:23, Rowland penny via samba wrote:
> On 23/07/2020 14:07, basti via samba wrote:
>> hello,
>> is there a way to map usergroups via winbind?
>>
>> I need 'getent passwd':
>> testuser:x:7072:513::/home/users/testuser:/bin/bash
>>
>> but I get:
>> testuser:x:7072:30000::/home/users/testuser:/bin/bash
>>
>> gidNumber is set to 513 in samba-ldap.
>>
>> cat /etc/samba/smb.conf
>> [global]
>> # Default ID mapping configuration for local BUILTIN accounts
>> # and groups on a domain member. The default (*) domain:
>> # - must not overlap with any domain ID mapping configuration!
>> # - must use an read-write-enabled back end, such as tdb.
>> idmap config * : backend = tdb
>> idmap config * : range = 1000-2000
>>
>> # idmap config for the SAMDOM domain
>> idmap config SAMDOM:backend = ad
>> idmap config SAMDOM:schema_mode = rfc2307
>> idmap config SAMDOM:range = 2001-999999
>> idmap config SAMDOM:unix_nss_info = yes
>
> You are never going to get '513' to show as the users primary group ID,
> because it is less than the lower DOMAIN range you have set in smb.conf.
> Any uidNumber or gidNumber attributes containing a number less than
> '2001' will be ignored, I am still trying to understand where the
> '30000' came from ?
>
> Rowland
ah ok i understand.
dn: CN=Users,CN=Builtin,DC=samdom,DC=example,DC=com
gidNumber: 30000
in my samba ldap.
whats your gidNumber of that dn?
More information about the samba
mailing list