
[Samba] RFC2307 on AD DC




Hi all,

I am deploying a new AD DC for our network using Ubuntu 18.04 and BIND_DLZ. All is fine except the RFC2307 attributes on the DC. What's the recommended/correct way to use RFC2307 attributes on a DC? The wiki (1) says:

For example, setting up an ID mapping back end, such as ad (RFC2307) or rid, in the smb.conf file is not supported and can cause the samba service to fail

Indeed, I have set up an smb.conf with the idmap settings below and it stops working after some time, with user/password errors:

[global]
    dns forwarder = 192.168.0.254
    netbios name = ARAUCARIA
    realm = AD.A1.IND.BR
    server role = active directory domain controller
    workgroup = A1
    server services = -dns

    log file = /var/log/samba/%m.log
    log level = 1

    winbind use default domain = yes
    winbind enum users  = yes
    winbind enum groups = yes

    idmap config * : backend = tdb
    idmap config * : range = 500-599

    idmap config A1 :backend = ad
    idmap config A1 :schema_mode = rfc2307
    idmap config A1 :range = 601-65300
    idmap config A1 :unix_nss_info = yes
    idmap config A1 :unix_primary_group = yes

[netlogon]
    path = /var/lib/samba/sysvol/ad.a1.ind.br/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No

I don't want to set a winbind template. I do have rfc2307 information for our users and would like to use it on the DC but could not get it working. Can someone point me in the right direction? Is winbind the way to go, or should I look to SSSD or LikeWise?

(1) https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC

Thanks and best regards.


--
*Marcio Merlone*
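
A check for the condition the quoted wiki text describes, as an added example that is not part of the original post or of Samba's own tooling: it reports idmap config lines in the [global] section of an smb.conf whose server role is an AD DC. The function names and the trimmed sample are constructed for illustration, and only the server role spelling used in the post is matched.

```python
import re

# Constructed sample: a trimmed copy of the settings shown in the post.
SAMPLE = """\
[global]
    server role = active directory domain controller
    workgroup = A1
    idmap config * : backend = tdb
    idmap config * : range = 500-599
    idmap config A1 :backend = ad
    idmap config A1 :schema_mode = rfc2307
    idmap config A1 :range = 601-65300
[sysvol]
    path = /var/lib/samba/sysvol
"""

IDMAP_KEY = re.compile(r"^idmap\s+config\s+(\S+?)\s*:\s*(.+)$", re.I)
DC_ROLE = "active directory domain controller"  # spelling used in the post

def global_params(text):
    """Yield (line_no, key, value) for each parameter in [global]."""
    section = None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            yield no, " ".join(key.split()), value.strip()

def idmap_on_dc(text):
    """Return idmap config lines found in a DC's [global] section."""
    params = list(global_params(text))
    is_dc = any(k.lower() == "server role" and v.lower() == DC_ROLE
                for _, k, v in params)
    if not is_dc:
        return []                            # not a DC: nothing to report
    hits = []
    for no, key, value in params:
        m = IDMAP_KEY.match(key)
        if m:
            hits.append((no, m.group(1), m.group(2).strip(), value))
    return hits

if __name__ == "__main__":
    for no, domain, option, value in idmap_on_dc(SAMPLE):
        print(f"line {no}: idmap config {domain} : {option} = {value}")
```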