[Samba] bad home path from AD

arnaud.bougeard at univ-rennes.fr
Sat Mar 30 10:42:10 UTC 2024


This Samba file server is an LDAP client and an AD client.

So the listening port is not a problem. I just worry about idmapping.

Arnaud




On 30/03/2024 at 09:19, Rowland Penny via samba wrote:
> On Thu, 28 Mar 2024 17:00:48 +0100 (CET)
> Arnaud Bougeard via samba <samba at lists.samba.org> wrote:
>
>> Thanks Rowland for your answer.
>>
>> I set the idmap config UR parameter unix_nss_info to yes and it
>> works.
>>
>> I work in a university with a large number of users.
>> The RIDs, which I understand to be the last digits of the SID, are from
>> 1000 to 300000 and the uids from the LDAP are from 500 to 29009894.
>>
>> So I don't really know what to do with it?
>>
>> I modify idmap to:
>>     idmap config * : backend = tdb
>>     idmap config * : range = 16777216-33554431
>>     idmap config UR : backend = ad
>>     idmap config UR : range = 1000-350000
>>     idmap config UR : unix_nss_info = yes
>> Is it good?
>>
> You ignore the 'ldap', Samba will not 'talk' to it.
>
> You are running Samba with 'security = ADS' and it is a member of the
> 'UR' NetBIOS domain. This means that 'winbind' will look for and use
> the AD DCs in the 'UR' domain, it will not look for or use any other
> ldap.
>
> You may have a problem here, AD uses the ldap ports '389', '636',
> '3268' and '3269', ldap by default also uses '389' and '636'. You
> cannot have two programs using the same ports.
>
> I think you have a couple of options here:
> 1) Move everything that is in ldap to AD and then turn the ldap off.
> 2) Move the ldap to another machine and then somehow sync the users
> (including passwords) & groups to AD.
>
> Rowland
>
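
As an added example (not part of the original thread and not Samba code), the following checks the idmap lines quoted above against two rules: the ranges of different idmap domains must not overlap, and the `ad` backend treats its range as a filter on the uidNumber/gidNumber values stored in AD, ignoring anything outside it. It assumes the AD attributes would carry the same numbers as the LDAP uids mentioned in the message (500 to 29009894); `parse_idmap`, `overlaps` and `classify` are hypothetical helper names.

```python
import re

# The idmap lines quoted in the message, embedded as sample input.
SMB_CONF = """
    idmap config * : backend = tdb
    idmap config * : range = 16777216-33554431
    idmap config UR : backend = ad
    idmap config UR : range = 1000-350000
    idmap config UR : unix_nss_info = yes
"""

LINE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*([\w ]+?)\s*=\s*(.+?)\s*$", re.I)


def parse_idmap(text):
    """Return {domain: {option: value}}; 'range' becomes a (low, high) tuple."""
    domains = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        dom, opt, val = m.group(1), m.group(2).lower(), m.group(3)
        if opt == "range":
            val = tuple(int(x) for x in val.split("-"))
        domains.setdefault(dom, {})[opt] = val
    return domains


def overlaps(domains):
    """Pairs of idmap domains whose ID ranges intersect (there should be none)."""
    items = sorted((d, c["range"]) for d, c in domains.items() if "range" in c)
    return [(a, b) for i, (a, ra) in enumerate(items)
            for b, rb in items[i + 1:] if ra[0] <= rb[1] and rb[0] <= ra[1]]


def classify(domains, domain, unix_id):
    """How a uidNumber/gidNumber stored in AD for `domain` would be treated."""
    low, high = domains[domain]["range"]
    if low <= unix_id <= high:
        return "mapped"
    # Outside the domain's range: also report if another domain owns that number.
    hit = [d for d, c in domains.items()
           if d != domain and "range" in c and c["range"][0] <= unix_id <= c["range"][1]]
    return "ignored, collides with " + hit[0] if hit else "ignored"


if __name__ == "__main__":
    cfg = parse_idmap(SMB_CONF)
    print("overlapping ranges:", overlaps(cfg))
    print({n: classify(cfg, "UR", n) for n in (500, 1000, 350000, 29009894)})
```

Under the stated assumption, the lowest and highest uids from the message both fall outside the `UR` range, and the highest one lands inside the range reserved for the default `*` domain.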



