[Samba] rfc2307 attributes on a samba ad-dc
Zombie Ryushu
zombie_ryushu at yahoo.com
Sat Nov 19 09:44:19 UTC 2022
On 11/19/22 04:40, Michael Tokarev via samba wrote:
> Hi!
>
> How one enables RFC2307 attributes for users on a Samba AD-DC?
> All the settings about this which works on a member server,
> does not work on an DC:
>
> [global]
> netbios name = SVDCP
> realm = PZ.CORPIT.RU
> server role = active directory domain controller
> workgroup = PZ
>
> idmap_ldb:use rfc2307 = yes
> winbind nss info = rfc2307
> template homedir = /home/%U
> template shell = /bin/bash
> winbind use default domain = yes
>
> idmap config pz : unix_primary_group = yes
> idmap config pz : schema_mode = rfc2307
> idmap config pz : range = 1000-4999
> idmap config pz : backend = ad
>
>
> (these are one of the many parameters I tried, some of them might be
> conflicting with each other - I tried different combinations with
> similar results).
>
> With this, on the DC, wbinfo -i <user> always shows template homedir,
> template shell, and primary group=100. But on a member server, this
> correctly shows homedir, shell and primary group stored in the AD.
>
> Where it gets the gid=100 from, and how to configure it so it will
> show the correct info?
>
> Thanks!
>
> /mjt
>
Has to be passed at the time of the AD's Provision.
More information about the samba
mailing list