Re: [Samba] Samba AD and NIS integration

Thanks for your reply Rowland.

The id ranges are what you choose, reading this may help:


> Is there any working way of controlling those ranges, given idmap breaks stuff?
What do you mean 'idmap breaks things' ?

Sorry, should have made it clearer that my SAMBA is configured as AD Primary Domain Controller. According to https://wiki.samba.org/index.php/Updating_Samba#Failure_To_Access_Shares_on_Domain_Controllers_If_idmap_config_Parameters_Set_in_the_smb.conf_File, idmapping does not work for AD Domain Controllers. Other pages suggest many of the winbind parameters are simply ignored and I can confirm this is the case.

Ranges are clearly being set; if I create a user with uidNumber in the 30xxxxxx range, the user can log in to the Linux shell correctly and her details are clearly visible in Linux using the id command. If I use a lower uidNumber of say 3000, she can log in to Linux, but the prompt shows "This user has no name!" and the id command fails to resolve her uid. There are ranges there but I have no control over them. Setting the correct domain-specific settings in smb.conf appears to have no effect. I have tried.

If you mean make the Unix OS know who the AD users and groups are, then
Specifically, what I need is my Linux clients to be able to both log in locally and also connect to NFS shares on the server, authenticating using either LDAP or NIS, but in both cases using the same logins and passwords as the Windows clients who will be connecting to SMB shares using SMB protocols. So far I have the auth working just locally on the server. If I join my Windows clients to the domain, I believe that will also work, though I will try that last to avoid any catastrophes should I need to change the domain setup. However, Linux client logins and client-to-server NIS/LDAP/NFS connections are in the wind currently.

I will trawl through the wiki again later, but what I am missing is full context. What is often not clear from the docs is whether or not what is documented there applies to / works with my specific setup, e.g. whether it works when you are using AD and a Samba PDC; whether it applies to clients' local Linux logon, etc.



