[Samba] Joining Linux Domain Member to Windows AD/DC

Mark Foley mfoley at novatec-inc.com
Sat Jul 22 17:52:46 UTC 2023

I am installing a new Linux Domain Member on an Active Directory domain that is
otherwise 100% Windows, including a Windows AD/DC.  Previously, I've added a
Linux domain member to a domain with a Samba AD/DC and I had all the needful
information available. 

I'm using the wiki https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Introduction
for reference.

In this case, what idmap backend should I use? ad, rid, autorid? 

My domain member on my existing Samba domain has smb.conf settings:

idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config HPRS:backend = ad
idmap config HPRS:schema_mode = rfc2307
idmap config HPRS:range = 10000-10099

winbind enum groups = Yes
winbind enum users = Yes
winbind nss info = rfc2307
winbind offline logon = Yes
winbind refresh tickets = Yes
winbind use default domain = Yes

These settings were monkey-typed from a smb.conf example by kjhambrick, many,
many moons ago.  I really don't know why I have two backends specified (tdb and
ad) or why there are two different ranges (2000-9999 and 10000-10099 - although
I see the wiki also has a range for * and for domain).  Do I need all these in
the Windows AD config?

I don't see backend tdb listed in the wiki. Is that obsolete? It does list other
backends: ldap and nss.

How would I find the range on this domain?

Thanks --Mark
