[Removing from the Samba developer ML, this belongs on the user list] On Thu, 11 Jul 2013 14:59:24 +0000 "Pavetto, David" <david.pave...@hp.com> wrote:
> I did use the Yast to set this up and yes we are using winbind, since I did > use yast to set this up initially, so is there anything I need to do to > remove idmap_tdb or will this just be completed within the samba.conf file, > Just asking, want to understand going forward since we have a ton of servers > to install and just want to script this out The conversion from idmap_tdb to idmap_ad can be done by changing smb.conf. Remove any existing idmap parameters, then add idmap_ad parameters based on your current environment, e.g (from man page). [global] idmap config * : backend = tdb idmap config * : range = 1000000-1999999 idmap config DOMAIN : backend = ad idmap config DOMAIN : range = 1000-999999 Changing the idmap backend on a running system is generally not a good idea, as file ownership and ACLs may change for mapped users. Idmap caches also need to be purged before restarting winbind. This can be done by backing up /var/lib/samba/*, then deleting winbindd_idmap.tdb and gencache.tdb. nscd should also be disabled. One final caveat, Samba 3.6 idmap_ad uses the rfc2307 gidNumber attribute assigned to groups for which a user is a member of. It ignores the gidNumber attribute explicitly assigned user objects. Cheers, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba