[Samba] rfc2307 attributes on a samba ad-dc
Michael Tokarev
mjt at tls.msk.ru
Sat Nov 19 09:40:11 UTC 2022
Hi!
How does one enable RFC2307 attributes for users on a Samba AD-DC?
All the settings for this that work on a member server
do not work on a DC:
[global]
    netbios name = SVDCP
    realm = PZ.CORPIT.RU
    server role = active directory domain controller
    workgroup = PZ
    idmap_ldb:use rfc2307 = yes
    winbind nss info = rfc2307
    template homedir = /home/%U
    template shell = /bin/bash
    winbind use default domain = yes
    idmap config pz : unix_primary_group = yes
    idmap config pz : schema_mode = rfc2307
    idmap config pz : range = 1000-4999
    idmap config pz : backend = ad
(these are some of the many parameters I tried; some of them might be
conflicting with each other - I tried different combinations with
similar results).
With this, on the DC, wbinfo -i <user> always shows template homedir,
template shell, and primary group=100. But on a member server, this
correctly shows homedir, shell and primary group stored in the AD.
Where does it get the gid=100 from, and how do I configure it so it will
show the correct info?
Thanks!
/mjt