[Samba] Samba as AD member & without winbind...
rpenny at samba.org
Fri Oct 30 13:33:43 UTC 2020
On 30/10/2020 13:17, Ralph Boehme wrote:
> Am 10/30/20 um 12:39 PM schrieb Rowland penny via samba:
>> On 30/10/2020 11:20, Ralph Boehme wrote:
>>> Am 10/30/20 um 12:11 PM schrieb Rowland penny via samba:
>>>> On 30/10/2020 11:06, Ralph Boehme via samba wrote:
>>>>> Am 10/30/20 um 10:20 AM schrieb Thomas Besser via samba:
>>>>>> Can I configure winbind to use 'local' users and groups from
>>>>> there's idmap_nss that may work for you.
>>>> Already mentioned that, problem is it is an allocating backend,
>>>> unless I am reading the manpage wrong.
>>> ah, missed that. :)
>>> idmap_nss is not an allocating backend, I guess the manpage text
>>> might be a bit misleading.
>> A bit ?
>> 'while using allocation to create new mappings'
> well, the full text reads:
> This example shows how to use idmap_nss to check the local accounts
> for its own domain while using allocation to create new mappings for
> trusted domains
> idmap config * : backend = tdb
> idmap config * : range = 1000000-1999999
> idmap config SAMBA : backend = nss
> idmap config SAMBA : range = 1000-999999
> As trusted domains are handled by the default domain *, the sentence is
> Patches welcome to improve the wording. :)
OK, before I go to the trouble of creating a patch, how about this instead:
This example shows how to use idmap_nss to obtain the local account
ID's for its own domain (SAMBA) from NSS, whilst allocating new mappings
for the default domain (*) and any trusted domains.
More information about the samba