[Samba] AD/RID backends and group mappings on member
L.P.H. van Belle
belle at bazuin.nl
Wed Mar 23 16:01:04 UTC 2022
Hai,
Im wondering, im testing a bit with backends AD and RID>
This part of the smb.conf
## Map id's outside the ADDOM to tdb files.
idmap config * : backend = tdb
idmap config * : range = 2000-9999
## Backend AD
## map ids from the domain the range may not overlap !
# idmap config ADDOM : backend = ad
# idmap config ADDOM : schema_mode = rfc2307
# idmap config ADDOM : range = 10000-3999999
# idmap config ADDOM : unix_primary_group = yes
# idmap config ADDOM : unix_nss_info = yes
## Backend RID
## map ids from the domain the range may not overlap !
idmap config ADDOM : backend = rid
idmap config ADDOM : range = 10000-3999999
## Template settings for login shell and home directory
template shell = /bin/bash
template homedir = /home/%U
Before restart and after I change the backend, i run : net cache flush
If i run my server in a RID backend setup and i check my group mappings.
net groupmap list
Guests (S-1-5-32-546) -> BUILTIN\guests
Administrators (S-1-5-32-544) -> BUILTIN\administrators
Users (S-1-5-32-545) -> 2001
And again but with the AD backend enabled.
net groupmap list
Guests (S-1-5-32-546) -> BUILTIN\guests
Administrators (S-1-5-32-544) -> 2000
Users (S-1-5-32-545) -> BUILTIN\users
Can someone explain why i see 2 different things here,
shouldn't these BUILTIN not be the same.
What am i missing here.
Greetz,
Louis
More information about the samba
mailing list