[Samba] Problem connecting Samba and Windows Active Directory
Rowland Penny
rpenny at samba.org
Wed Aug 25 13:16:11 UTC 2021
On Wed, 2021-08-25 at 12:55 +0000, Luca Bertoncello via samba wrote:
> Getent passwd shows only local users. No AD-users at all... ☹
>
> The Users in AD don't have a uidNumber and don't have "Domain Users"
> as Group (we use another Group as primary one).
Then the winbind 'ad' backend will never work and you will never have
any AD users & groups as Unix users and groups.
Replace this block in smb.conf:
idmap config * : range = 2000-10000
idmap config AD-QUEO-ORG : backend = ad
idmap config AD-QUEO-ORG : range = 200000-1000200000
idmap config AD-QUEO-ORG : unix_primary_group = yes
idmap config AD-QUEO-ORG : schema_mode = rfc2307
idmap config AD-QUEO-ORG : unix_nss_info = yes
With this:
idmap config * : range = 3000-7999
idmap config AD-QUEO-ORG : backend = rid
idmap config AD-QUEO-ORG : range = 10000-1000200000
It is either that, or start populating AD with uidNumber & gidNumber
attributes.
Rowland
More information about the samba
mailing list