[Samba] ID Mapping
O'Connor, Daniel
darius at dons.net.au
Wed Nov 4 22:14:55 UTC 2020
> On 4 Nov 2020, at 20:19, Rowland penny via samba <samba at lists.samba.org> wrote:
>
> On 04/11/2020 00:14, O'Connor, Daniel wrote:
>> Hmm, you say 'uidNumber' but I have xidNumber:
>> # editing 1 records
>> # record 1
>> dn: CN=S-1-5-21-1638907138-195301586-368347949-3088
>> cn: S-1-5-21-1638907138-195301586-368347949-3088
>> objectClass: sidMap
>> objectSid: S-1-5-21-1638907138-195301586-368347949-3088
>> type: ID_TYPE_BOTH
>> xidNumber: 1044
>> distinguishedName: CN=S-1-5-21-1638907138-195301586-368347949-3088
>
> You are looking in the wrong database 😁
>
> 'xidNumber' attributes are only used on an AD DC and found in idmap.ldb, you should be looking in sam.ldb
This is an AD DC though (it is also the file server)
> If you want your users to have the same ID everywhere, you must add a unique uidNumber attribute to each user that you want to be visible on Unix, you must also give the Domain Users group a gidNumber attribute. These will override the 'xidNumber' attributes on the DC and you must use the winbind 'ad' backend on Unix domain members.
This is only a very small office so I'm trying to avoid having a second install just for the AD DC.
--
Daniel O'Connor
"The nice thing about standards is that there
are so many of them to choose from."
-- Andrew Tanenbaum
More information about the samba
mailing list