Firstly, I recommend that you configure both Active Directory and Samba to configure Winbind in your lab.
From: Freeman <f...@email.unc.edu> Date: Wed, 23 Nov 2011 08:17:55 -0500 > > Have you already set values into "UNIX attributes" for every user you > > want to "activate" under Winbind. > I believed on the windows side, the windows admin had already mapped the > unix user uid/gid to the windows domain via some windows/unix converter > tool. You need to confirm what was done, I think. > idmap config AD : default = yes > idmap config AD : cache time = 180 > idmap config AD : backend = ad > # idmap config AD : range = 100001-200000 > idmap config AD : schema_mode = rfc2307 Of cource, uid/gids are set between 100001-200000 on Active Directory? If you set "idmap config AD : range = 100001-200000", all uid/gids except 100001-200000 cannot be mapped. Also remember an user whose primary group cannot be mapped is failed to map. > idmap config AD : schema_mode = rfc2307 > I am running samba version: Version 3.5.11-79. fc14. Trying to join > linux servers to the windows 2003 domain by running winbind and smb. I Your AD's DCs are Windows Server 2003 or Windows Server 2003 R2? If Windows Server 2003, you use sfu instead of rfc2307. See http://support.microsoft.com/kb/921599/en-us > I thought the uid/gid mapping to the sid is all done by either > winbind or samba, if smb.conf is configured properly. Again I have to say that uid/gid does not have nothing to do with SID/RID. Setting "idmap backend = ad" only enables that uid/gid/shell and homedir values are retrieved from those set in "UNIX attributes", which does not mean to map to SID. > The goal is pretty simple, we would like to have all of the linux > machines joining the campus windows AD domain as a member. Instead of > using the NIS account with all of the linux machine, we would like to > log onto the linux servers with the domain account from the window side > and to mount a windows share upon a user log in. If you keep current uid/gids maintained by NIS, you should use idmap_ad(8). If not, idmap_rid(8) is easy to configure. --- TAKAHASHI Motonobu <mo...@samba.gr.jp> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba