Re: [Samba] winbind idmap question

Thu, 17 Sep 2009 11:47:36 -0700 

 

> -----Original Message-----
> From: samba-boun...@lists.samba.org 
> [mailto:samba-boun...@lists.samba.org] On Behalf Of Christian
> Sent: Thursday, 17 September, 2009 10:01
> To: samba
> Subject: [Samba] winbind idmap question
> 
> Hi,
> 
> how do I tell winbind to use "UserId" from AD, and not doing 
> own mapping
> of ID's ?
> AD is win2003 R2 Std with sfu.
> 
> What I did/tried:
> current (this did not work):
> 
> #      winbind separator = \
>         winbind use default domain = Yes
>         winbind nested groups = Yes
> #      winbind cache time = 600
>         template shell = /bin/bash
> #      template homedir = /home/%D/%U
>         template homedir = /home/%U
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
>         winbind enum groups = Yes
>         winbind enum users = Yes
>         security = domain
> #      security = ads
> # Where do we get our user information from?
>         password server = srv-001.domain.local
> 
> tried (did not work, too, and is very slow finding users):
>        winbind use default domain = Yes
>        winbind nested groups = Yes
>        winbind nss info = rfc2307
> 
>        idmap domains = DOMAIN
> 
>        idmap config DOMAIN:backend = ad
>        idmap config DOMAIN:default = Yes
>        idmap config DOMAIN:range = 10000 - 19999
>        idmap config DOMAIN:schema_mode = rfc2307
>         security = domain
> #      security = ads
> # Where do we get our user information from?
>         password server = srv-001.domain.local
> 
> samba version is 3.2.7
> 
> Thanks for your ideas
> Kind Regards
> Chris

>From Samba version 3.2.5 (Debian Lenny) and 3.3.6 (Lenny backports).  This 
>config works for me in both versions, so I'm confident it will work in 3.2.7:

        idmap domains = YOUR_DOMAIN
        idmap config YOUR_DOMAIN:backend = rid
        idmap config YOUR_DOMAIN:base_rid = 0
        idmap config YOUR_DOMAIN:range = 10000 - 49999

We have a Server 2003 native forest/domain not 2003 R2, and we do not have sfu 
deployed.  So the environment is a little different.



James Zuelow....................CBJ MIS (907)586-0236
Network Specialist...Registered Linux User No. 186591
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Reply via email to