
[Samba] idmap config ad




Trying to use the idmap config ad on a domain member. The AD is an
actual Windows server and when logged in to the AD server running ADUC
the NIS domain field on the UNIX attributes tab only shows a dash and
it cannot be changed.

Domain member is RHEL 7.6 running Samba 4.8.3.

Pertinent part of smb.conf:
=====================================
[global]
        security = ADS
        workgroup = MYDOMAIN
        realm = MYDOMAIN.LOCAL
        server string = mydomain

        kerberos method = secrets and keytab
        winbind refresh tickets = yes

        idmap config * : backend = tdb
        idmap config * : range = 3000-8999
        idmap config MYDOMAIN : backend = ad
        idmap config MYDOMAIN : schema_mode = rfc2307
        idmap config MYDOMAIN : range = 10000-99999
        idmap config MYDOMAIN : unix_nss_info = yes

        vfs objects = acl_xattr
        map acl inherit = yes
        store dos attributes = yes
=====================================

The documentation seems to strictly point to using a Samba AD with the
RSAT utility and here we're logged right on to the Windows AD using
the native ADUC application.

Thanks for any assistance!

Chris
