[Samba] ID Mapping
Peter Milesson
miles at atmos.eu
Thu Nov 5 17:30:40 UTC 2020
On 2020-11-04 23:14, O'Connor, Daniel via samba wrote:
>
>> On 4 Nov 2020, at 20:19, Rowland penny via samba <samba at lists.samba.org> wrote:
>>
>> On 04/11/2020 00:14, O'Connor, Daniel wrote:
>>> Hmm, you say 'uidNumber' but I have xidNumber:
>>> # editing 1 records
>>> # record 1
>>> dn: CN=S-1-5-21-1638907138-195301586-368347949-3088
>>> cn: S-1-5-21-1638907138-195301586-368347949-3088
>>> objectClass: sidMap
>>> objectSid: S-1-5-21-1638907138-195301586-368347949-3088
>>> type: ID_TYPE_BOTH
>>> xidNumber: 1044
>>> distinguishedName: CN=S-1-5-21-1638907138-195301586-368347949-3088
>> You are looking in the wrong database 😁
>>
>> 'xidNumber' attributes are only used on an AD DC and found in idmap.ldb, you should be looking in sam.ldb
> This is an AD DC though (it is also the file server)
>
>> If you want your users to have the same ID everywhere, you must add a unique uidNumber attribute to each user that you want to be visible on Unix, you must also give the Domain Users group a gidNumber attribute. These will override the 'xidNumber' attributes on the DC and you must use the winbind 'ad' backend on Unix domain members.
> This is only a very small office so I'm trying to avoid having a second install just for the AD DC.
>
> --
> Daniel O'Connor
> "The nice thing about standards is that there
> are so many of them to choose from."
> -- Andrew Tanenbaum
>
Hi Daniel,
May I suggest that you setup a virtual machine somewhere in the network
with just the AD DC and FSMO roles? A 20GB VM with Debian 10 is more
than sufficient. Also, the operating requirements are really tiny.
I have setup a couple of small domains like that, using RSAT for
administration (shares, GPOs). Works like a charm. Both the domains are
similar, a bunch of Windows 10 Pro workstations, and a common Samba file
server (domain member).
Best regards,
Peter
More information about the samba
mailing list