[Samba] Problem idmap_ad

edv at balke-hamburg.de edv at balke-hamburg.de
Wed Dec 14 10:26:42 UTC 2022 

> Lets see if I have got this correct:

> Your computer is joined to an AD domain.
> You have users in AD with uidNumber attributes.
> Domain Users has a gidNumber attribute.
> All these '*idNumber' attributes hold numbers inside the '1001-116999' 
> range.

> Is all that correct ?

> can you also post your entire smb.conf

> Rowland

Yes, all these are correct including the "Domain Users" which has the gid of 100 which points to the local "users" group.

Below the complete smb.conf. I really appreciate your efforts, hopefully it does not take to much time.


# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.

[global]
#	workgroup = SAMBA
#	security = user

	netbios name = MEGAHOST

	workgroup = DOMAIN 
	security = ads
	realm = DOMAIN.LOCAL

	passdb backend = tdbsam

	printing = cups
	printcap name = cups
	load printers = no
	cups options = raw

	idmap config * : backend = tdb
	idmap config * : range = 117000-117999
	idmap config DOMAIN:backend = ad
	idmap config DOMAIN:schema_mode = rfc2307
	idmap config DOMAIN:range = 1001-116999
	idmap config DOMAIN:unix_nss_info = no
	idmap config DOMAIN:unix_primary_group = yes

        template shell = /bin/bash
        template homedir = /home/%U

        kerberos method = secrets and keytab

;	log level = 5 idmap:10 winbind:10

	winbind nss info = template
	winbind use default domain = yes
	winbind enum users = yes
	winbind enum groups = yes

[megastapel]
	path = /opt/mega/megadb/megak/01/fremdstapel
	valid users = mueller knau @mega
	read only = No
	create mask = 0775

[megaplus]
	path = /opt/mega
	valid users = @mega kh
	read only = No
	create mask = 0775

[sfirm]
	comment = SFirm-Dtaus-Dateien von MEGA
	path = /opt/mega/megadb/megak/01/sfirm
	valid users = @mega
	read only = No
	create mask = 0775

[megaausgleich]
	comment = Bankdaten MEGA
	path = /opt/mega/megadb/megak/01/ausgleich
	valid users = megaadm bhzbv mueller admin
	read only = No
	create mask = 0775

More information about the samba mailing list