Re: [Samba] Samba AD and NIS integration
- Date: Thu, 16 Nov 2017 10:08:32 +0000
- From: Stephen Parry via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Samba AD and NIS integration
Thanks for your reply Rowland.
Sorry, should have made it clearer that my SAMBA is configured as AD
Primary Domain Controller; According to
idmapping does not work for AD Domain Controllers. Other pages suggest
many of the winbind parameters are simply ignored and I can confirm this
is the case.
The id ranges are what you choose, reading this may help:
>/Is there any working way of controlling those ranges, />/given idmap breaks stuff? /
What do you mean 'idmap breaks things' ?
Ranges are clearly being set; if I create a user with uidNumber in the
30xxxxxx range, the user can log in to the linux shell correctly and her
details are clearly visible in linux using the id command. If I use a
lower uidNumber of say 3000, she can log in in to linux, but the prompt
shows "This user has no name!" and the id command fails to resolve her
uid. There are ranges there but I have no control over them. Setting the
correct domain specific settings in smb.conf appear to have no effect. I
Specifically, what I need is my Linux clients to be able to both log in
locally and also connect to NFS shares on the server, authenticating
using either LDAP or NIS, but in both cases using the same logins and
passwords as the Windows clients who will be connecting to SMB shares
using SMB protocols. So far I have the auth working just locally on the
server. If I join my win clients to the domain, I believe that will also
work, though I will try that last to avoid any catastrophes should I
need to change the domain setup. However, linux client logins client to
server NIS/LDAP/NFS connections are in the wind currently.
If you mean make the Unix OS know who the AD users and groups are, then
I will trawl through the wiki again later, but what I am missing is full
context. What is often not clear from the docs is whether or not what is
documented there applies to / work with my specific set up, e.g. whether
it works when you are using AD and a Samba PDC; whether it applies to
clients local linux log on, etc.
To unsubscribe from this list go to the following URL and read the