Re: [Samba] getenv does not return any AD DOMAIN users or groups - ?nsswitch is not setup for Samba?
- Date: Mon, 19 Nov 2018 09:19:06 +0000
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] getenv does not return any AD DOMAIN users or groups - ?nsswitch is not setup for Samba?
On Mon, 19 Nov 2018 03:23:29 +0000
"Barry D. Adkins via samba" <samba@xxxxxxxxxxxxxxx> wrote:
> >What is wrong with the Samba wiki, what didn't go exactly like the
> >wiki ?
> Well take this wiki that I'm trying to follow to add the AD uid/gid
> to the objects. It's helpful and confusing, but maybe because I'm
> just not informed enough.
> I got the property pages to show in AD Users & Computers, but there
> is no NIS Domain offered to select. No guidance on that, unless I've
> done something out of sequence that would have populated that.
> It then Gives this guidance to perform before you use AD U & C...
> after it has just led you down the path of using AD U & C.
> # Defining the next UID/GID number to use
> # Every time a UID/GID number is assigned using Active Directory
> Users and Computers (ADUC), the next UID/GID number is stored inside
> the Active Directory. By default, ADUC starts assigning UID and # GID
> numbers at 10000.
> # If you setup a new Samba AD and want to use a different start
> value, you will need to add the counting attributes before using ADUC
> for the first time:
> # ldbedit -H /usr/local/samba/private/sam.ldb -b \
> # msSFU30MaxUidNumber: 10000
> # msSFU30MaxGidNumber: 10000
> # With the same command you can change the values. E. g. if you
> require to start UID numbers at 20000 and GIDs at 50000, adapt the
> values to your requirements:
> # msSFU30MaxUidNumber: 20000
> # msSFU30MaxGidNumber: 50000
> I don't seem to find an "ldb" file anywhere and since we are using an
> AD Domain, perhaps there shouldn't be one.
> I wouldn't have gone looking for an "ldb" file except for this wiki.
> I'll continue to rummage around trying to figure out how to get an
> entry to choose for the NIS Domain, although I'm not sure what it
> should be. I would guess it would be the same name as the AD Domain
> Name. Looking over the above ldbedit command it seems like it will
> create an entry of samdom.example.com or in my case would be
> samdom.domain.com but is that what we really want/need to do?
Reading all of the above a few questions spring to mind:
What is the AD DC ?
If it is a Windows DC, is 'IDMU' installed (also known as 'services for
If it is a Samba DC, did you provision with '--use-rfc2307' ?
To unsubscribe from this list go to the following URL and read the