On Tue, 2013-07-09 at 18:22 -0700, Nick B wrote: Hi None of this works on a s4 DC > > # Setup user maps > > idmap config * : backend = tdb > > idmap config * : range = 100000-199999 > > idmap config MYDOMAIN : backend = ad > > idmap config MYDOMAIN : schema_mode = rfc2307 > > idmap config MYDOMAIN : range = 50000-99999 > > winbind nss info = rfc2307 > > winbind trusted domains only = No > > winbind use default domain = Yes > > winbind enum users = Yes > > winbind enum groups = Yes
replace it with this: idmap_ldb use:rfc2307 = Yes make the winbind links: ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/libnss_winbind.so ln -s libnss_winbind.so /lib64/libnss_winbind.so.2 and the nss stuff in /etc/nsswitch.conf: passwd: files winbind group: files winbind Now add the uidNumber and gidNumber attributes to the user or group DN in AD. YOu can use ldbmodify or ldbedit for that. If you are brave, you can build the master and use samba-tool add the attributes when you create the user. Note: if you want the whole of rfc2307 as your smb.conf suggests, then use sssd and forget about winbind. HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba