[Samba] map gidNumber
rpenny at samba.org
Thu Jul 23 13:44:05 UTC 2020
On 23/07/2020 14:29, basti via samba wrote:
> On 23.07.20 15:23, Rowland penny via samba wrote:
>> On 23/07/2020 14:07, basti via samba wrote:
>>> is there a way to map usergroups via winbind?
>>> I need 'getent passwd':
>>> but I get:
>>> gidNumber is set to 513 in samba-ldap.
>>> cat /etc/samba/smb.conf
>>> # Default ID mapping configuration for local BUILTIN accounts
>>> # and groups on a domain member. The default (*) domain:
>>> # - must not overlap with any domain ID mapping configuration!
>>> # - must use an read-write-enabled back end, such as tdb.
>>> idmap config * : backend = tdb
>>> idmap config * : range = 1000-2000
>>> # idmap config for the SAMDOM domain
>>> idmap config SAMDOM:backend = ad
>>> idmap config SAMDOM:schema_mode = rfc2307
>>> idmap config SAMDOM:range = 2001-999999
>>> idmap config SAMDOM:unix_nss_info = yes
>> You are never going to get '513' to show as the users primary group ID,
>> because it is less than the lower DOMAIN range you have set in smb.conf.
>> Any uidNumber or gidNumber attributes containing a number less than
>> '2001' will be ignored, I am still trying to understand where the
>> '30000' came from ?
> ah ok i understand.
I don't ;-)
> dn: CN=Users,CN=Builtin,DC=samdom,DC=example,DC=com
> gidNumber: 30000
> in my samba ldap.
> whats your gidNumber of that dn?
Mine doesn't have a gidNumber, because it is a container, so if your
object is similar to this:
description: Default container for upgraded user accounts
and also has the line:
Then remove the gidNumber line.
More information about the samba