[Samba] Problem idmap_ad

Stefan Kania stefan at kania-online.de
Wed Dec 14 11:53:19 UTC 2022


Why do you use idmap-backend ad anyway? Is there a reason not to use the 
backend rid? It's much easier to handle, you don't have to look at 
GidNumber and UidNumber, you only need the RID every user has in an Active 
Directory.

On 14.12.22 at 10:14, Balke IT via samba wrote:
> Sorry for the spam. My mailserver got an error message after trying to send via IPV6 four times and then switched back to IPV4. But back to the topic:
> 
> The change to rid is our temporary workaround, nevertheless the version with idmap config DOMAIN:backend = ad gives the problems that I mentioned in my first post, several users can use the shares and others can't without any clue why. They have random (old) unix IDs and other users with a uidNumber between them cannot use the share, loads of logs with loglevel 10 did not give any hint.
> 
> So this is the version that does not give all users access to the shares:
> 
>          idmap config * : backend = tdb
>          idmap config * : range = 117000-117999
>          idmap config DOMAIN:backend = ad
>          idmap config DOMAIN:schema_mode = rfc2307
>          idmap config DOMAIN:range = 1001-116999
>          idmap config DOMAIN:unix_nss_info = no
>          idmap config DOMAIN:unix_primary_group = yes
> 
>          template shell = /bin/bash
>          template homedir = /home/%U
> 
>          kerberos method = secrets and keytab
> 
>          winbind nss info = template
>          winbind use default domain = yes
>          winbind enum users = yes
>          winbind enum groups = yes
> 
> Best Regards
> Matthias Mueller
> 
> 
>> You do not appear to be using the 'ad' idmap backend, you have commented
>> it out.
> 
>> Also, did your finger get stuck, you asked the same question 5 times.
> 
>> Rowland
> 

-- 
Stefan Kania
Landweg 13
25693 St. Michaelisdonn


Signing every e-mail helps reduce spam and protects your 
privacy. You can obtain a free certificate at 
https://www.dgn.de/dgncert/index.html
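
A check for the situation described in the quoted message, as an added example that is not part of the original thread: it flags accounts whose uidNumber or primary gidNumber is missing or falls outside the DOMAIN range from the posted smb.conf, which idmap_ad treats as a filter. The account and group records are constructed sample data standing in for an LDAP export, and the function names are illustrative.

```python
# Added example; all account and group records below are constructed sample data.
DOMAIN_RANGE = (1001, 116999)  # idmap config DOMAIN:range = 1001-116999
UNIX_PRIMARY_GROUP = True      # idmap config DOMAIN:unix_primary_group = yes

GROUPS = [  # constructed
    {"name": "Domain Users", "rid": 513, "gidNumber": 10000},
    {"name": "legacy", "rid": 1105, "gidNumber": 200},
]
USERS = [  # constructed
    {"name": "alice", "uidNumber": 10001, "gidNumber": 10000, "primaryGroupID": 513},
    {"name": "bob", "uidNumber": 500, "gidNumber": 10000, "primaryGroupID": 513},
    {"name": "carol", "uidNumber": None, "gidNumber": 10000, "primaryGroupID": 513},
    {"name": "dave", "uidNumber": 10004, "gidNumber": None, "primaryGroupID": 513},
    {"name": "erin", "uidNumber": 10005, "gidNumber": 200, "primaryGroupID": 1105},
    {"name": "frank", "uidNumber": 117500, "gidNumber": 10000, "primaryGroupID": 513},
]

def primary_gid(user, groups, unix_primary_group):
    if unix_primary_group:  # primary group comes from the user's own gidNumber
        return user.get("gidNumber")
    for group in groups:    # otherwise from the group named by primaryGroupID
        if group["rid"] == user["primaryGroupID"]:
            return group.get("gidNumber")
    return None

def check_user(user, groups, id_range=DOMAIN_RANGE, unix_primary_group=UNIX_PRIMARY_GROUP):
    low, high = id_range
    problems = []
    uid = user.get("uidNumber")
    if uid is None:
        problems.append("no uidNumber")
    elif not low <= uid <= high:
        problems.append("uidNumber outside range")
    gid = primary_gid(user, groups, unix_primary_group)
    if gid is None:
        problems.append("no primary gidNumber")
    elif not low <= gid <= high:
        problems.append("primary gidNumber outside range")
    return problems

def audit(users, groups, **kw):
    report = {u["name"]: check_user(u, groups, **kw) for u in users}
    return {name: found for name, found in report.items() if found}

if __name__ == "__main__":
    for name, found in audit(USERS, GROUPS).items():
        print(f"{name}: {', '.join(found)}")
```
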


