Re: [Samba] idmap config ad
- Date: Thu, 31 Jan 2019 17:00:47 +0000
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] idmap config ad
On Thu, 31 Jan 2019 11:42:35 -0500
Sonic <sonicsmith@xxxxxxxxx> wrote:
> On Mon, Jan 28, 2019 at 9:28 AM Rowland Penny via samba
> <samba@xxxxxxxxxxxxxxx> wrote:
> > Does Domain Users have a gidNumber attribute containing a number
> > inside the 10000-99999' range ?
> > Do any Active directory groups have such a gidNumber ?
> Hi Rowland,
> Not at this time, I didn't know that had to be assigned first.
Yes it does, if you use the winbind 'ad' backend, you MUST add rfc2307
attributes to users & groups in AD, they are never added automatically.
> However, that brings up another question. There's an application that
> both AD authenticated Samba users and non-AD users need to run where
> both sets of users need to have the same primary group membership. Is
> this possible with Winbind? Or possibly sssd if not?
I think this all depends on what you mean by 'non-AD users'.
If you are referring to local Unix users and AD users having the same
primary group, then this is never going to work. I think you need to
expand on just what you are trying to do and how.
To unsubscribe from this list go to the following URL and read the