Michael St. Laurent
2007-May-07 16:44 UTC
[Samba] Problem with RID to unix account mapping in ADS mode
Hello, I'm working with the samba-3.0.23c version currently released for use with RHEL-5. I'm trying to switch into ADS security from DOMAIN security and I'm having trouble with account mapping. Currently the mapping happens because the unix account name matches the windows account name. That no longer seems to be an option when you switch to ADS mode (please correct me if I'm wrong). I should also mention that there are several servers involved and I'm syncing the unix UIDs so as to play well with NFS too.>From what I've read, the preferred method of accomplishing this underADS mode seems to be to hang the unix UID for the account in the LDAP database part of ADS. However, none of the documents I've read have covered how to actually do that part. They've all been about getting samba to lookup the Idmap value and use it assuming that you've already done that part somehow. Is there a HOWTO available which covers that part of the process? I would really like to handle that part using unix tools as it would be significantly more convenient than doing something from the windows end.
Apparently Analagous Threads
- Urgent help request!
- Samba 3.0.2 - Unix Name Mapping not working properly with Windows 2003 ADS with Trust to NT 4.0 PDC, running on RH AS 3.0
- Samba-3.0.23 problem
- ldap machine account: bad RID, no SambaPrimaruGroupSID, since 3.0.23c
- Retry: Mapping AD domain users to UNIX users