Web lists-archives.com

Re: [Samba] id maping




On Mon, 20 Feb 2017 13:07:29 +0100
basti via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hello,
> I have install samba ad.
> On AD the config look like
> 
> 
> 	# Default idmap config for local BUILTIN accounts and groups
> 	idmap config * : backend = tdb
> 	idmap config * : range = 3000-7999
> 
> 	# idmap config for the KES domain
> 	idmap config SAMDOM:backend = ad
> 	idmap config SAMDOM:schema_mode = rfc2307
> 	idmap config SAMDOM:range = 1001-999999
> 

Remove the above lines, they shouldn't be in a DC smb.conf

> 
> when I use "getent passwd someuser" it return a valid entry
> SAMDOM\someuser:*:7072:513:someuser:/home/SAMDOM/someuser:/bin/false
> 
> On a domainmember the smb.conf looks like

> 
>        # idmap config for the KES domain
>        idmap config KES:backend = ad
>        idmap config KES:schema_mode = rfc2307
>        idmap config KES:range = 4000-999999
> 

You are missing the '*' settings

> 
> and "getent passwd someuser" return different entrys
> 
> someuser:*:7072:4294967295:someuser:/home/SAMDOM/someuser:/bin/bash

Well it would, Domain Users seems to have the gidNuber '513' and this
is lower than your lower domain setting '4000'

Rowland



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba