[Samba] ADS Domain Member smb.conf using idmap_ad

Tue, 22 Nov 2011 13:56:58 -0800 

Greetings samba community,
I am running samba version: Version 3.5.11-79. fc14. Trying to join linux servers to the windows 2003 domain by running winbind and smb. I have configured the following smb.conf file which worked but can't seem to understand why the uid is different from the windows side when the windows side has already mapped some kind of uid to the sid. 


If i were to log into this machine from another linux box and run the 
command 'id' i get the uid of 1000. When i try to run this command 
wbinfo -n flo on the member server, i get some other number:


[root@moe samba]# wbinfo -n flo
S-1-5-21-344340502-4252695000-2390403120-1236058 SID_USER (1)


# from a linux client machine after logging onto the server which joined 
the domain

-bash-4.1$ id
uid=1000(flo) gid=1000(domain users) groups=1000(domain users),


what do these numbers mean ? and does it have to match the number that 
has been setup for me on the windows side ? Am i still missing some 
parameters on my configuration ?



i was able to have this server join our internal windows network as a 
member and was able to log into this server with my windows credential 
instead of my nis credential.



i don't understand how "idmap uid=range values" vs   "idmap config AD : 
range = range values"
By omitting this "idmap config AD : range = range values" from my 
configuration, i am able to gain access to this server which join the 
windows domain from another linux machine. If i left it uncomment in my 
configuration, i can't seem to login to this machine.


Freeman

[global]
   workgroup = ad
   password server = server1,server2,server3
   realm = myDomain.com
   security = ads
   allow trusted domains = no
   disable netbios = yes

# this doesn't seem to work for some reason
# i am trying to use idmap_ad
#   idmap backend = ad
   idmap backend = tdb
   idmap uid = 1000-5000000
   idmap gid = 1000-5000000

   idmap config AD : default = yes
   idmap config AD : cache time = 180
   idmap config AD : backend  = ad
   # idmap config AD : range = 100001-200000
   idmap config AD : schema_mode = rfc2307


   template shell = /bin/bash
   template homedir = /mnt/%D/home/%U
   winbind nss info = rfc2307
   winbind use default domain = yes
   winbind offline logon = yes
   winbind nested groups = yes
   encrypt passwords = yes
   obey pam restrictions = yes
   unix password sync = no
   winbind enum users = yes
   winbind enum groups = yes
   winbind refresh tickets = yes
   domain master = no
   local master = no

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba






















					Reply via email to