[Samba] Understanding ID mapping between a campus AD and a local LDAP

Jonathon A Anderson jonathon.anderson at colorado.edu
Tue Mar 23 21:02:56 UTC 2021

This is encouraging! I'm going to try again with

winbind use default domain = no

and see if it works. If it doesn't I'll send some shell logs and Samba logs.


From: samba <samba-bounces at lists.samba.org> on behalf of Christian Naumer via samba <samba at lists.samba.org>
Sent: Tuesday, March 23, 2021 2:43 PM
To: samba at lists.samba.org
Subject: Re: [Samba] Understanding ID mapping between a campus AD and a local LDAP

Am 23.03.21 um 18:50 schrieb Jonathon A Anderson via samba:
> # idmap config AD : backend  = nss
> # idmap config AD : range = 1000-20000000

The idmap nss should actually do what you want to do. Are your ldap
users known to the system?

does "id username" produce an output you would expect from your LDAP server?

The the idmap_nss backend should map users (from LDAP) with the same
name to the user from AD. I had this running a long time ago but I cant
find my notes on this.



Dr. Christian Naumer
Vice President
Unit Head Bioprocess Development

B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
phone +49-6251-9331-30 / fax +49-6251-9331-11

Sitz der Gesellschaft: Zwingenberg/Bergstrasse
Registergericht AG Darmstadt, HRB 24758
Vorstand: Adriaan Moelker (Vorstandsvorsitzender),
Lukas Linnig
Aufsichtsratsvorsitzender: Dr. Georg Kellinghusen

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list