Web lists-archives.com

Re: [Samba] idmap config ad




On Thu, 31 Jan 2019 11:42:35 -0500
Sonic <sonicsmith@xxxxxxxxx> wrote:

> On Mon, Jan 28, 2019 at 9:28 AM Rowland Penny via samba
> <samba@xxxxxxxxxxxxxxx> wrote:
> > Does Domain Users have a gidNumber attribute containing a number
> > inside the 10000-99999' range ?
> >
> > Do any Active directory groups have such a gidNumber ?
> 
> Hi Rowland,
> 
> Not at this time, I didn't know that had to be assigned first.

Yes it does, if you use the winbind 'ad' backend, you MUST add rfc2307
attributes to users & groups in AD, they are never added automatically.

> 
> However, that brings up another question. There's an application that
> both AD authenticated Samba users and non-AD users need to run where
> both sets of users need to have the same primary group membership. Is
> this possible with Winbind? Or possibly sssd if not?
> 
> Thanks,
> 
> Chris

I think this all depends on what you mean by 'non-AD users'. 

If you are referring to local Unix users and AD users having the same
primary group, then this is never going to work. I think you need to
expand on just what you are trying to do and how.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba