From: Freeman <f...@email.unc.edu> Date: Wed, 23 Nov 2011 10:37:05 -0500
> On 11/23/2011 08:44 AM, TAKAHASHI Motonobu wrote: > > From: Freeman<f...@email.unc.edu> > > Date: Wed, 23 Nov 2011 08:17:55 -0500 > > > >>> Have you already set values into "UNIX attributes" for every user you > >>> want to "activate" under Winbind. > >> I believed on the windows side, the windows admin had already mapped the > >> unix user uid/gid to the windows domain via some windows/unix converter > >> tool. > > You need to confirm what was done, I think. > The unix ID which were mapped to the windows domain on the server 2008 > RC 2 are all from central campus user ID, not the user ID local to me > where i have set up a small NIS service for the 25 people i support. > > If you keep current uid/gids maintained by NIS, you should use > > idmap_ad(8). If not, idmap_rid(8) is easy to configure. > > > thank you again in explaining to be the difference. i am about 99% > certain i would have to go with idmap_ad since the uid/gid from > groups/passwd files are manually added into campus's windows active > directory. If you want to use UID/GID maintained on UNIX side (/etc/passwd, NIS, LDAP, ...), you should use idmap_nss instead of idmap_ad and ask to stop "windows/unix converter tool" to Windows admin. Then the UID/GID maintained on UNIX side will be used. If you still want to use idmap_ad, you must not explicitly create those users maintained by Winbind. They should be automatically created by Winbind. > my apologies, i am lacking skills on the understanding of windows > domain. Campus is running 2008 RC2 server. so, rfc2307 will work for me > instead of sfu ? Anyway, you have to know what was done on Windows side. If you do not want bother Windows admin, using idmap_nss is better. --- TAKAHASHI Motonobu<mo...@samba.gr.jp> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba