[Samba] Problem connecting Samba and Windows Active Directory

Rowland Penny rpenny at samba.org
Wed Aug 25 13:49:19 UTC 2021


On Wed, 2021-08-25 at 15:32 +0200, Christian Naumer via samba wrote:
> On 25.08.21 15:16, Rowland Penny via samba wrote:
> > On Wed, 2021-08-25 at 12:55 +0000, Luca Bertoncello via samba
> > wrote:
> > > Getent passwd shows only local users. No AD-users at all... ☹
> > > 
> > > The Users in AD don't have a uidNumber and don't have "Domain
> > > Users"
> > > as Group (we use another Group as primary one).
> > 
> > Then the winbind 'ad' backend will never work and you will never
> > have
> > any AD users & groups as Unix users and groups.
> > 
> > Replace this block in smb.conf:
> > 
> >          idmap config * : range = 2000-10000
> >          idmap config AD-QUEO-ORG : backend = ad
> >          idmap config AD-QUEO-ORG : range = 200000-1000200000
> >          idmap config AD-QUEO-ORG : unix_primary_group = yes
> >          idmap config AD-QUEO-ORG : schema_mode = rfc2307
> >          idmap config AD-QUEO-ORG : unix_nss_info = yes
> > 
> > With this:
> > 
> >          idmap config * : range = 3000-7999
> >          idmap config AD-QUEO-ORG : backend = rid
> >          idmap config AD-QUEO-ORG : range = 10000-1000200000
> > 
> > It is either that, or start populating AD with uidNumber &
> > gidNumber
> > attributes.
> 
> The Data on the server will then have "new" owners. Just be aware of
> that.
> 

I don't think the OP had got that far.

Rowland





More information about the samba mailing list