Re: [Samba] Samba user mapping DC <-> DC Member
- Date: Thu, 2 Feb 2017 15:14:28 +0000
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Samba user mapping DC <-> DC Member
On Thu, 2 Feb 2017 15:38:48 +0100
basti via samba <samba@xxxxxxxxxxxxxxx> wrote:
> I am trying to migrate NT4 to AD.
> And I have imported my old users into AD. The user IDs start at 1001 and go up
> to 7187.
> On the DC I see the user ID, on the member I see a wrong ID.
> root@ad:~# getent passwd user
> FOO\user:*:2029:513:System User:/home/FOO/user:/bin/false
> root@member:~# getent passwd user
> FOO\user:*:4294967295:3002:System User:/home/FOO/user:/bin/false
> My config on member
> root@member:~# cat /etc/samba/smb.conf
> security = ADS
> workgroup = KES
> realm = KES
> log file = /var/log/samba/%m.log
> log level = 3
> # idmap config for the SAMDOM domain
> idmap config kes:backend = ad
> idmap config kes:schema_mode = rfc2307
> idmap config kes:range = 1001-999999
> domain master = no
> local master = no
> preferred master = no
> os level = 0
> winbind use default domain = yes
> client use spnego = yes
> client ntlmv2 auth = yes
> encrypt passwords = yes
> restrict anonymous = 2
> Another problem is that I only see users when "winbind use default
> domain = yes" is set.
> Best Regards
Using the same name for workgroup and realm isn't really a good idea,
you should be using something like KES.TLD and this should also be the
dns domain for your Samba domain.
You are also missing the mapping for the '*' domain.
You are not getting the users because 'Domain Users' has the gidNumber
'513' and the range for 'kes' is set to '1001-999999'.
Is there any way you can change the IDs you are using?
All in all, I think you need to go and read the Samba wiki:
All the info is there, any questions, please ask ;-)
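
The two checks named in the reply above (a missing '*' default domain mapping, and a gidNumber outside the configured range) can be run against a member's smb.conf before winbind is started. This is an added example, not part of the original mails and not Samba project code; the function names are hypothetical, and the sample config is constructed from the idmap lines quoted in the thread.

```python
import re

# Constructed sample: the idmap lines from the member's smb.conf quoted above.
SMB_CONF = """\
security = ADS
workgroup = KES
idmap config kes:backend = ad
idmap config kes:schema_mode = rfc2307
idmap config kes:range = 1001-999999
"""

# Matches "idmap config DOMAIN : option = value" (parameter names are case-insensitive).
IDMAP_RE = re.compile(r"^\s*idmap\s+config\s+(\S+?)\s*:\s*(.+?)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {DOMAIN: {option: value}} for every 'idmap config' line."""
    domains = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):   # skip smb.conf comments
            continue
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.group(1).upper(), m.group(2).lower(), m.group(3)
            domains.setdefault(dom, {})[opt] = val
    return domains

def check_idmap(conf_text, domain, ids):
    """List problems: missing '*' mapping, and IDs outside the domain's range.

    ids maps a label (e.g. 'Domain Users gidNumber') to a numeric ID stored in AD.
    """
    domains = parse_idmap(conf_text)
    problems = []
    if "*" not in domains:
        problems.append("no 'idmap config *' default domain mapping")
    rng = domains.get(domain.upper(), {}).get("range")
    if rng is None:
        problems.append(f"no range set for domain {domain}")
        return problems
    low, high = (int(x) for x in rng.split("-"))
    for label, value in ids.items():
        if not low <= value <= high:
            problems.append(f"{label} {value} is outside {domain} range {low}-{high}")
    return problems

if __name__ == "__main__":
    # IDs taken from the getent output and the reply in this thread.
    sample_ids = {"user uidNumber": 2029, "Domain Users gidNumber": 513}
    for problem in check_idmap(SMB_CONF, "KES", sample_ids):
        print("PROBLEM:", problem)
```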