[Samba] Joining Linux Domain Member to Windows AD/DC
Mark Foley
mfoley at novatec-inc.com
Sat Jul 22 17:52:46 UTC 2023
I am installing a new Linux Domain Member on a Active Directory domain that is
otherwise 100% Windows, including a Windows AD/DC. Previously, I've added a
Linux domain member to a domain with a Samba AD/DC and I had all the needful
information available.
I'm using the wiki https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Introduction
for reference.
In this case, what idmap backend should I use? ad, rid, autorid?
My domain member on my existing Samba domain has smb.conf settings:
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config HPRS:backend = ad
idmap config HPRS:schema_mode = rfc2307
idmap config HPRS:range = 10000-10099
winbind enum groups = Yes
winbind enum users = Yes
winbind nss info = rfc2307
winbind offline logon = Yes
winbind refresh tickets = Yes
winbind use default domain = Yes
These settings were monkey-typed from a smb.conf example by kjhambrick, many,
many moons ago. I really don't know why I have two backends specific (tdb and
ad) or why there are two different ranges (2000-9999 and 10000-10099 - although
I see the wiki also has a range for * and for domain). Do I need all these in
the Windows AD config?
I don't see backend tdb listed in the wiki. Is that obsolete? It does list other
backends: ldap and nss.
How would I find the range on this domain?
Thanks --Mark
More information about the samba
mailing list