[Samba] Problem connecting Samba and Windows Active Directory

Christian Naumer cn at brain-biotech.de
Wed Aug 25 13:32:54 UTC 2021


On 25.08.21 15:16, Rowland Penny via samba wrote:
> On Wed, 2021-08-25 at 12:55 +0000, Luca Bertoncello via samba wrote:
>> Getent passwd shows only local users. No AD-users at all... ☹
>>
>> The Users in AD don't have a uidNumber and don't have "Domain Users"
>> as Group (we use another Group as primary one).
> 
> Then the winbind 'ad' backend will never work and you will never have
> any AD users & groups as Unix users and groups.
> 
> Replace this block in smb.conf:
> 
>          idmap config * : range = 2000-10000
>          idmap config AD-QUEO-ORG : backend = ad
>          idmap config AD-QUEO-ORG : range = 200000-1000200000
>          idmap config AD-QUEO-ORG : unix_primary_group = yes
>          idmap config AD-QUEO-ORG : schema_mode = rfc2307
>          idmap config AD-QUEO-ORG : unix_nss_info = yes
> 
> With this:
> 
>          idmap config * : range = 3000-7999
>          idmap config AD-QUEO-ORG : backend = rid
>          idmap config AD-QUEO-ORG : range = 10000-1000200000
> 
> It is either that, or start populating AD with uidNumber & gidNumber
> attributes.

The data on the server will then have "new" owners. Just be aware of that.

Regards

-- 
Dr. Christian Naumer
Vice President
Unit Head Bioprocess Development

BRAIN Biotech AG
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
phone +49-6251-9331-30 / fax +49-6251-9331-11

Registered office: Zwingenberg/Bergstrasse
Register court: AG Darmstadt, HRB 24758
Executive Board: Adriaan Moelker (Chairman),
Lukas Linnig
Chairman of the Supervisory Board: Dr. Georg Kellinghusen
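
The ownership change mentioned above, as an added example that is not part of the original message: with the 'rid' backend, winbind derives the Unix ID as RID + low end of the range (the formula documented in idmap_rid(8)), so on-disk IDs assigned under any other scheme stop matching. The SIDs, account names and current on-disk IDs below are constructed sample values; only the range comes from the proposed smb.conf.

```python
# Added example: predict the IDs the 'rid' backend will report and list
# accounts whose files on disk would end up with a different owner.
RANGE_LOW, RANGE_HIGH = 10000, 1000200000  # idmap config AD-QUEO-ORG : range

def rid_of(sid):
    """Return the RID (last sub-authority) of a SID string."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S" or not parts[-1].isdigit():
        raise ValueError(f"not a SID: {sid!r}")
    return int(parts[-1])

def rid_backend_id(sid, low=RANGE_LOW, high=RANGE_HIGH):
    """ID = RID + low; None if the result falls outside the range (unmapped)."""
    xid = rid_of(sid) + low
    return xid if xid <= high else None

def remap_plan(accounts):
    """accounts: (name, sid, id currently on disk) -> [(name, old, new)] where they differ."""
    plan = []
    for name, sid, on_disk in accounts:
        new = rid_backend_id(sid)
        if new != on_disk:
            plan.append((name, on_disk, new))
    return plan

# Constructed sample data (hypothetical domain SID and accounts).
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE = [
    ("alice", f"{DOMAIN_SID}-1105", 200105),  # files owned by an older mapping
    ("bob",   f"{DOMAIN_SID}-1106", 11106),   # already matches rid mapping
    ("huge",  f"{DOMAIN_SID}-1000190001", 5000),  # RID too large for the range
]

if __name__ == "__main__":
    for name, old, new in remap_plan(SAMPLE):
        target = "unmapped (outside range)" if new is None else new
        print(f"{name}: on-disk id {old} -> rid backend id {target}")
```

Files still carrying an old ID after the switch show up with a bare numeric owner, which is what to review before re-assigning ownership.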
