[Samba] use of ‘idmap_ldb:use rfc2307 = yes’ in DCs

Rowland Penny rpenny at samba.org
Thu Jun 20 10:46:49 UTC 2024


On Thu, 20 Jun 2024 12:25:29 +0200
Olaf Frączyk via samba <samba at lists.samba.org> wrote:

> Hello,
> 
> Why is it said that it affects only if you have fileserver on DC?
> 
> I use uid, uidNumber, unixHomeDirectory for users and gid for groups.
> These attributes are defined in the samba DC.
> 
> Then I have another samba server that works as fileserver, and I have 
> this in config:
> 
>     idmap config * : backend = tdb
>     idmap config * : range = 20000-20999
>     idmap config NAVIDOM:backend = ad
>     idmap config NAVIDOM:schema_mode = rfc2307
>     idmap config NAVIDOM:range = 1000-9999
>     idmap config NAVIDOM:unix_nss_info = yes
>     idmap config NAVIDOM:unix_primary_group = yes
>     winbind use default domain = yes
>     winbind nss info = rfc2307

Classic upgrade ???
If not, why did you use the '1000-9999' range for the NAVIDOM NetBIOS
domain ?
As every Samba machine is a 'server', referring to a 'samba server'
isn't enough: is it a DC, or is it a Unix domain member, or is it a
standalone server ?

OK, let's see if I can explain 'idmap_ldb:use rfc2307 = yes'.
That parameter can only be used on a Samba AD DC; it does nothing on
any other computer running Samba.

So what does it do on a DC ?
It is very simple, it allows the Samba AD DC to use any uidNumber &
gidNumber attributes in AD instead of the '3000000' xidNumbers found in
idmap.ldb, this only affects Samba AD DCs. Even if 'idmap_ldb:use
rfc2307 = yes' isn't set on a DC, you can still use the 'ad' idmap
backend on Samba Unix domain members and the rfc2307 attributes found
in AD will be used.

Rowland

> 
> As I understand, to use it this way I need the "idmap_ldb:use rfc2307
> = yes" on DC?
> 
> Or is there another way to directly map samba users and groups to
> linux users and groups?
> 
>
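As an added example (not part of the thread, and not Samba's own tooling), a small Python check over the idmap lines quoted above: it parses the 'idmap config' ranges from an smb.conf fragment, flags ranges that overlap between domains, and flags a domain range that already contains locally defined UIDs, which is the usual concern behind the question about '1000-9999' (local Linux accounts normally start at UID 1000). The passwd lines are constructed for the demonstration.

```python
import re
from typing import Dict, List, Tuple

# Constructed input: the domain member's idmap lines from the thread, plus
# made-up /etc/passwd lines to show the local-UID collision check.
SMB_CONF = """
idmap config * : backend = tdb
idmap config * : range = 20000-20999
idmap config NAVIDOM:backend = ad
idmap config NAVIDOM:schema_mode = rfc2307
idmap config NAVIDOM:range = 1000-9999
"""
PASSWD = """root:x:0:0:root:/root:/bin/bash
olaf:x:1000:1000::/home/olaf:/bin/bash
backup:x:1001:1001::/home/backup:/bin/sh
"""

IDMAP_RE = re.compile(r"^\s*idmap config\s+([^\s:]+)\s*:\s*(\w+)\s*=\s*(.+?)\s*$")

def parse_idmap(conf: str) -> Dict[str, Dict[str, str]]:
    """Collect 'idmap config DOM:key = value' lines into {DOM: {key: value}}."""
    out: Dict[str, Dict[str, str]] = {}
    for line in conf.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            dom, key, val = m.groups()
            out.setdefault(dom.upper(), {})[key.lower()] = val
    return out

def parse_range(text: str) -> Tuple[int, int]:
    lo, hi = (int(x) for x in text.split("-"))
    return lo, hi

def check_idmap(conf: str, passwd: str) -> List[str]:
    """Return findings: domains without a range, overlapping ranges, and
    domain ranges that already contain UIDs defined locally in passwd."""
    findings: List[str] = []
    ranges: Dict[str, Tuple[int, int]] = {}
    for dom, keys in parse_idmap(conf).items():
        if "range" not in keys:
            findings.append(f"{dom}: no range set")
            continue
        ranges[dom] = parse_range(keys["range"])
    doms = sorted(ranges)
    for i, a in enumerate(doms):
        for b in doms[i + 1:]:
            (alo, ahi), (blo, bhi) = ranges[a], ranges[b]
            if alo <= bhi and blo <= ahi:  # closed intervals intersect
                findings.append(f"{a} and {b} ranges overlap")
    local = {int(l.split(":")[2]) for l in passwd.splitlines() if l.count(":") >= 6}
    for dom, (lo, hi) in ranges.items():
        hits = sorted(u for u in local if lo <= u <= hi)
        if hits:
            findings.append(f"{dom} range {lo}-{hi} contains local UIDs {hits}")
    return findings
```

Run it against the real smb.conf and /etc/passwd of a domain member; an empty list means the ranges are disjoint and clear of local accounts.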


