Web lists-archives.com

Re: [Samba] Samba user mapping DC <-> DC Member




On Thu, 2 Feb 2017 15:38:48 +0100
basti via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hello,
> 
> I try to migrade nt4 to ad.
> And I have import my old users to AD. The User ID starts at 1001 up
> to 7187.
> 
> On the DC I see the user ID, on the member I see a wrong ID.
> 
> root@ad:~# getent passwd user
> FOO\user:*:2029:513:System User:/home/FOO/user:/bin/false
> 
> root@member:~# getent passwd user
> FOO\user:*:4294967295:3002:System User:/home/FOO/user:/bin/false
> 
> My config on member
> 
> root@member:~# cat /etc/samba/smb.conf
> [global]
>        security = ADS
>        workgroup = KES
>        realm = KES
> 
>        log file = /var/log/samba/%m.log
>        log level = 3
> 
> # idmap config for the SAMDOM domain
> idmap config kes:backend = ad
> idmap config kes:schema_mode = rfc2307
> idmap config kes:range = 1001-999999
> 
>   domain master = no
>   local master = no
>   preferred master = no
>   os level = 0
> 
>   winbind use default domain = yes
> 
>   client use spnego = yes
>   client ntlmv2 auth = yes
>   encrypt passwords = yes
>   restrict anonymous = 2
> 
> An other Problem ios that i only see users, when "winbind use default
> domain = yes" ist set.
> 
> Best Regards
> basti
> 

Using the same name for workgroup and realm isn't really a good idea,
you should be using something like KES.TLD and this should also be the
dns domain for your Samba domain.

You are also missing the mapping for the '*' domain
You are not getting the users because 'Domain Users' has the gidNumber
'513' and the range for 'kes is set to '1001-999999'

Is there anyway you can change the IDs you are using ?

All in all, I think you need to go and read the Samba wiki:

https://wiki.samba.org/index.php/Main_Page

All the info is there, any questions, please ask ;-)

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba