[Samba] winbind use default domain = true with subdomain
Rowland penny
rpenny at samba.org
Sat Apr 24 07:41:01 UTC 2021
On 24/04/2021 00:07, Vex Mage wrote:
>
>
> [root at linuxad ~]# id vex
> uid=1101602(vex) gid=1100513(domain users) groups=1100513(domain
> users),1101602(vex)
>
> but I'd like to be able to do
> [root at linuxad ~]# id vmage
> id: vmage: no such user
>
> but get the vmage at IDENTITY.UNIVERISTY.EDU
> <mailto:vmage at IDENTITY.UNIVERISTY.EDU> data. As all of our users are
> in that the other domain and only machine accounts and groups are in
> the COE.ENGINE.UNIVERISTY.EDU <http://COE.ENGINE.UNIVERISTY.EDU> domain.
When will universities learn that isn't the way to do it, why don't you
just put everything in the IDENTITY.UNIVERISTY.EDU realm ?
>
>
>
>
> /etc/hostname
>
> linuxad.engine.university.edu <http://linuxad.engine.university.edu>
Some version of red-hat ?
On Debian, it would just be 'linuxad'
>
> /etc/hosts
>
> 127.0.0.1 localhost localhost.localdomain localhost4
> localhost4.localdomain4
> ::1 localhost localhost.localdomain localhost6
> localhost6.localdomain6
> 128.111.27.41 linuxad.engine.university.edu
> <http://linuxad.engine.university.edu> linuxad
>
>
> /etc/krb5.conf
>
> # Configuration snippets may be placed in this directory as well
> includedir /etc/krb5.conf.d/
remove the 'includedir' line from your /etc/krb5.conf and make the
contents look like this:
[libdefaults]
default_realm = YOUR.REALM.TLD
dns_lookup_realm = false
dns_lookup_kdc = true
>
>
> /etc/samba/smb.conf
>
> [global]
> workgroup = COE
> realm = COE.ENGINE.UNIVERSITY.EDU
> <http://COE.ENGINE.UNIVERSITY.EDU>
> security = ads
>
> idmap config COE : backend = autorid
> idmap config COE : range = 100000-19999999
> idmap config COE : rangesize = 1000000
>
> idmap config IDENTITY : backend = autorid
> idmap config IDENTITY : range = 200000-29999999
> idmap config IDENTITY : rangesize = 1000000
No, that isn't the way to use autorid, you only set it once:
idmap config * : backend = autorid
idmap config * : range = 100000-29999999
idmap config * : rangesize = 1000000
Rowland
More information about the samba
mailing list