[Samba] Problem idmap_ad
Rowland Penny
rpenny at samba.org
Wed Dec 14 09:45:26 UTC 2022
On 14/12/2022 09:14, Balke IT via samba wrote:
> Sorry for the spam. My mailserver got an error message after trying to send via IPV6 four times and then switched back to IPV4. But back to the topic:
>
> The change to rid is our temporary workaround, nevertheless the version with idmap config DOMAIN:backend = ad gives the problems that I mentioned in my first post, several users can use the shares and others can't without any clue why. They have random (old) unix IDs and other users with a uidNumber between them cannot use the share, loads of logs with loglevel 10 did not give any hint.
>
> So this is the version that does not give all users access to the shares:
>
> idmap config * : backend = tdb
> idmap config * : range = 117000-117999
> idmap config DOMAIN:backend = ad
> idmap config DOMAIN:schema_mode = rfc2307
> idmap config DOMAIN:range = 1001-116999
> idmap config DOMAIN:unix_nss_info = no
> idmap config DOMAIN:unix_primary_group = yes
>
> template shell = /bin/bash
> template homedir = /home/%U
>
> kerberos method = secrets and keytab
>
> winbind nss info = template
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
>
> Best Regards
> Matthias Mueller
Lets see if I have got this correct:
Your computer is joined to an AD domain.
You have users in AD with uidNumber attributes.
Domain Users has a gidNumber attribute.
All these '*idNumber' attributes hold numbers inside the '1001-116999'
range.
Is all that correct ?
can you also post your entire smb.conf
Rowland
More information about the samba
mailing list