Rowland,
I decided to start over with a fresh install and attempted again.
Only change I made was to start my mappings at 10000. I gave 'Domain
Users' group gid 10000 and 'tuser' has uid 10001. Still didn't
work btw.
dn: CN=Test User,CN=Users,DC=domain,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Test User
sn: User
givenName: Test
instanceType: 4
whenCreated: 20141231172021.0Z
displayName: Test User
uSNCreated: 477557
name: Test User
objectGUID: 90f95763-fe52-42b9-af86-8a84a4d5dd78
userAccountControl: 66048
codePage: 0
countryCode: 0
pwdLastSet: 130645200220000000
primaryGroupID: 513
objectSid: S-1-5-21-940051827-2291820289-3341758437-3126
accountExpires: 9223372036854775807
sAMAccountName: tuser
sAMAccountType: 805306368
userPrincipalName: tuser at domain.local
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=local
unixUserPassword: ABCD!efgh12345$67890
uid: tuser
msSFU30Name: tuser
msSFU30NisDomain: domain
uidNumber: 10001
loginShell: /bin/sh
unixHomeDirectory: /home/tuser
gidNumber: 10000
whenChanged: 20141231185807.0Z
uSNChanged: 477620
distinguishedName: CN=Test User,CN=Users,DC=domain,DC=local
On 12/31/2014 1:50 PM, Rowland Penny wrote:> On 31/12/14 18:28, James wrote:
>> Hi Rowland,
>>
>> passwd: compat winbind
>> group: compat winbind
>>
>> 'getent passwd tuser' results in a blank terminal line.
>>
>>
>> On 12/31/2014 1:12 PM, Rowland Penny wrote:
>>> On 31/12/14 17:55, James wrote:
>>>> Hi Rowland,
>>>>
>>>> I did. Unfortunately something is still amiss. I do receive
a
>>>> response from 'getent group domain users'(users:x:100).
>>>>
>>>> On 12/31/2014 12:26 PM, Rowland Penny wrote:
>>>>> On 31/12/14 17:23, James wrote:
>>>>>> Rowland,
>>>>>>
>>>>>> I set a user with a uid and domain users group with
a gid but
>>>>>> I'm still unable to view them using 'id'. I
do notice a few
>>>>>> strange observations. If I go to another user to
attempt to
>>>>>> assign a uid. I get the default value of 10000. I would
expect
>>>>>> 2001 given I set the first user with uid 2000. Groups
however
>>>>>> appear to increment.
>>>>>>
>>>>>> On 12/31/2014 10:52 AM, Rowland Penny wrote:
>>>>>>> On 31/12/14 15:42, James wrote:
>>>>>>>> Hello Stefan,
>>>>>>>>
>>>>>>>> I learned the hard way about .local. I
understand going
>>>>>>>> forward.
>>>>>>>>
>>>>>>>> I do have an issue with the member server.
Following along with
>>>>>>>> the wiki I get stuck at 'Testing the
Winbind user/group
>>>>>>>> mapping'. Wbinfo works as expected but not
>>>>>>>>
>>>>>>>> #*id DomainUser*
>>>>>>>>
>>>>>>>> #*getent passwd*
>>>>>>>>
>>>>>>>> #*getent group*
>>>>>>>>
>>>>>>>> #*chown DomainUser:DomainGroup file*
>>>>>>>>
>>>>>>>> #*chgrp DomainGroup file*
>>>>>>>>
>>>>>>>> etc.
>>>>>>>>
>>>>>>>> I receive 'id: sambauser: No such
user'. It will only retrieve
>>>>>>>> local machine users. Let me preface by saying
this is a Ubuntu
>>>>>>>> 12.04 server with Samba 4.1.14. Thanks.
>>>>>>>>
>>>>>>>> On 12/31/2014 10:00 AM, Stefan Kania wrote:
>>>>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>>>>> Hash: SHA1
>>>>>>>>>
>>>>>>>>> Hello James,
>>>>>>>>>
>>>>>>>>> Am 31.12.2014 um 15:48 schrieb James:>
Hello,
>>>>>>>>>> I'm following along with the
wiki(Setup a Samba AD Member
>>>>>>>>>> Server)
>>>>>>>>>> and I have a question after reading the
'Set up a basic
>>>>>>>>>> smb.conf'
>>>>>>>>>> section.
>>>>>>>>> Please show us your smb.conf
>>>>>>>>>
>>>>>>>>> Do I need to extend the schema in order
for my member server to
>>>>>>>>>> successfully join and service file
shares?
>>>>>>>>> No, you dont have to.
>>>>>>>>>
>>>>>>>>> Do I need to configure a
>>>>>>>>>> krb5.conf file? Thanks.
>>>>>>>>> If your DC is a samba4 DC just copy
krb5.conf to your new
>>>>>>>>> memberserver
>>>>>>>>> Stefan
>>>>>>>>>
>>>>>>>>> - -- Stefan Kania
>>>>>>>>> Landweg 13
>>>>>>>>> 25693 St. Michaelisdonn
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Signieren jeder E-Mail hilft Spam zu
reduzieren. Signieren Sie
>>>>>>>>> ihre
>>>>>>>>> E-Mail. Weiter Informationen unter
http://www.gnupg.org
>>>>>>>>>
>>>>>>>>> Mein Schl?ssel liegt auf
>>>>>>>>>
>>>>>>>>> hkp://subkeys.pgp.net
>>>>>>>>>
>>>>>>>>> -----BEGIN PGP SIGNATURE-----
>>>>>>>>> Version: GnuPG v1
>>>>>>>>>
>>>>>>>>>
iEYEARECAAYFAlSkD3EACgkQ2JOGcNAHDTZdlwCgwsQF0g/pFp65ldcTMWDcJ1O7
>>>>>>>>> LScAoLDzorUJNDCik4FP9dBUxKCbAbGN
>>>>>>>>> =SOSt
>>>>>>>>> -----END PGP SIGNATURE-----
>>>>>>>>
>>>>>>>
>>>>>>> If you followed the wiki, you will be using the
'ad' backend.
>>>>>>> For this to work, you need to add
'uidNumber' attributes to your
>>>>>>> users and a 'gidNumber' attribute to at
least the Domain Users
>>>>>>> group. the numbers that you add must be between the
range you
>>>>>>> set in your smb.conf, again if you followed the
wiki, this will
>>>>>>> be between 500-40000.
>>>>>>>
>>>>>>> Rowland
>>>>>>
>>>>>
>>>>> You have restarted samba, haven't you ?
>>>>> You may have to wait a short time, or clear the cache with
'net
>>>>> cache flush'
>>>>>
>>>>> Rowland
>>>>>
>>>>
>>> OK, can you post the 'passwd' & 'group' lines
from /etc/nsswitch
>>>
>>> Do you get anything from 'getent passwd <a domain
user>'
>>>
>>> Rowland
>>>
>>
> OK, install ldb-tools if not already installed, then run:
>
> ldbedit -e nano -H /var/lib/samba/private/sam.ldb sAMAccountName=tuser
>
> Post the (sanitized) result
>
> Rowland
>
--
-James
On 31/12/14 19:07, James wrote:> Rowland, > > I decided to start over with a fresh install and attempted again. > Only change I made was to start my mappings at 10000. I gave 'Domain > Users' group gid 10000 and 'tuser' has uid 10001. Still didn't work btw. > > dn: CN=Test User,CN=Users,DC=domain,DC=local > objectClass: top > objectClass: person > objectClass: organizationalPerson > objectClass: user > cn: Test User > sn: User > givenName: Test > instanceType: 4 > whenCreated: 20141231172021.0Z > displayName: Test User > uSNCreated: 477557 > name: Test User > objectGUID: 90f95763-fe52-42b9-af86-8a84a4d5dd78 > userAccountControl: 66048 > codePage: 0 > countryCode: 0 > pwdLastSet: 130645200220000000 > primaryGroupID: 513 > objectSid: S-1-5-21-940051827-2291820289-3341758437-3126 > accountExpires: 9223372036854775807 > sAMAccountName: tuser > sAMAccountType: 805306368 > userPrincipalName: tuser at domain.local > objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=local > unixUserPassword: ABCD!efgh12345$67890 > uid: tuser > msSFU30Name: tuser > msSFU30NisDomain: domain > uidNumber: 10001 > loginShell: /bin/sh > unixHomeDirectory: /home/tuser > gidNumber: 10000 > whenChanged: 20141231185807.0Z > uSNChanged: 477620 > distinguishedName: CN=Test User,CN=Users,DC=domain,DC=local > > > On 12/31/2014 1:50 PM, Rowland Penny wrote: >> On 31/12/14 18:28, James wrote: >>> Hi Rowland, >>> >>> passwd: compat winbind >>> group: compat winbind >>> >>> 'getent passwd tuser' results in a blank terminal line. >>> >>> >>> On 12/31/2014 1:12 PM, Rowland Penny wrote: >>>> On 31/12/14 17:55, James wrote: >>>>> Hi Rowland, >>>>> >>>>> I did. Unfortunately something is still amiss. I do receive a >>>>> response from 'getent group domain users'(users:x:100). >>>>> >>>>> On 12/31/2014 12:26 PM, Rowland Penny wrote: >>>>>> On 31/12/14 17:23, James wrote: >>>>>>> Rowland, >>>>>>> >>>>>>> I set a user with a uid and domain users group with a gid >>>>>>> but I'm still unable to view them using 'id'. I do notice a few >>>>>>> strange observations. If I go to another user to attempt to >>>>>>> assign a uid. I get the default value of 10000. I would expect >>>>>>> 2001 given I set the first user with uid 2000. Groups however >>>>>>> appear to increment. >>>>>>> >>>>>>> On 12/31/2014 10:52 AM, Rowland Penny wrote: >>>>>>>> On 31/12/14 15:42, James wrote: >>>>>>>>> Hello Stefan, >>>>>>>>> >>>>>>>>> I learned the hard way about .local. I understand going >>>>>>>>> forward. >>>>>>>>> >>>>>>>>> I do have an issue with the member server. Following along >>>>>>>>> with the wiki I get stuck at 'Testing the Winbind user/group >>>>>>>>> mapping'. Wbinfo works as expected but not >>>>>>>>> >>>>>>>>> #*id DomainUser* >>>>>>>>> >>>>>>>>> #*getent passwd* >>>>>>>>> >>>>>>>>> #*getent group* >>>>>>>>> >>>>>>>>> #*chown DomainUser:DomainGroup file* >>>>>>>>> >>>>>>>>> #*chgrp DomainGroup file* >>>>>>>>> >>>>>>>>> etc. >>>>>>>>> >>>>>>>>> I receive 'id: sambauser: No such user'. It will only retrieve >>>>>>>>> local machine users. Let me preface by saying this is a Ubuntu >>>>>>>>> 12.04 server with Samba 4.1.14. Thanks. >>>>>>>>> >>>>>>>>> On 12/31/2014 10:00 AM, Stefan Kania wrote: >>>>>>>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>>>>>>> Hash: SHA1 >>>>>>>>>> >>>>>>>>>> Hello James, >>>>>>>>>> >>>>>>>>>> Am 31.12.2014 um 15:48 schrieb James:> Hello, >>>>>>>>>>> I'm following along with the wiki(Setup a Samba AD Member >>>>>>>>>>> Server) >>>>>>>>>>> and I have a question after reading the 'Set up a basic >>>>>>>>>>> smb.conf' >>>>>>>>>>> section. >>>>>>>>>> Please show us your smb.conf >>>>>>>>>> >>>>>>>>>> Do I need to extend the schema in order for my member >>>>>>>>>> server to >>>>>>>>>>> successfully join and service file shares? >>>>>>>>>> No, you dont have to. >>>>>>>>>> >>>>>>>>>> Do I need to configure a >>>>>>>>>>> krb5.conf file? Thanks. >>>>>>>>>> If your DC is a samba4 DC just copy krb5.conf to your new >>>>>>>>>> memberserver >>>>>>>>>> Stefan >>>>>>>>>> >>>>>>>>>> - -- Stefan Kania >>>>>>>>>> Landweg 13 >>>>>>>>>> 25693 St. Michaelisdonn >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren >>>>>>>>>> Sie ihre >>>>>>>>>> E-Mail. Weiter Informationen unter http://www.gnupg.org >>>>>>>>>> >>>>>>>>>> Mein Schl?ssel liegt auf >>>>>>>>>> >>>>>>>>>> hkp://subkeys.pgp.net >>>>>>>>>> >>>>>>>>>> -----BEGIN PGP SIGNATURE----- >>>>>>>>>> Version: GnuPG v1 >>>>>>>>>> >>>>>>>>>> iEYEARECAAYFAlSkD3EACgkQ2JOGcNAHDTZdlwCgwsQF0g/pFp65ldcTMWDcJ1O7 >>>>>>>>>> LScAoLDzorUJNDCik4FP9dBUxKCbAbGN >>>>>>>>>> =SOSt >>>>>>>>>> -----END PGP SIGNATURE----- >>>>>>>>> >>>>>>>> >>>>>>>> If you followed the wiki, you will be using the 'ad' backend. >>>>>>>> For this to work, you need to add 'uidNumber' attributes to >>>>>>>> your users and a 'gidNumber' attribute to at least the Domain >>>>>>>> Users group. the numbers that you add must be between the range >>>>>>>> you set in your smb.conf, again if you followed the wiki, this >>>>>>>> will be between 500-40000. >>>>>>>> >>>>>>>> Rowland >>>>>>> >>>>>> >>>>>> You have restarted samba, haven't you ? >>>>>> You may have to wait a short time, or clear the cache with 'net >>>>>> cache flush' >>>>>> >>>>>> Rowland >>>>>> >>>>> >>>> OK, can you post the 'passwd' & 'group' lines from /etc/nsswitch >>>> >>>> Do you get anything from 'getent passwd <a domain user>' >>>> >>>> Rowland >>>> >>> >> OK, install ldb-tools if not already installed, then run: >> >> ldbedit -e nano -H /var/lib/samba/private/sam.ldb sAMAccountName=tuser >> >> Post the (sanitized) result >> >> Rowland >> >OK, you added that user with ADUC (RSAT) and as such you are using the std windows start number 10000, which is the way I run samba. Here is my smb.conf from the laptop I am writing this on: [global] workgroup = EXAMPLE security = ADS realm = EXAMPLE.COM dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab server string = Samba 4 Client %h winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind expand groups = 4 winbind nss info = rfc2307 winbind refresh tickets = Yes winbind normalize names = Yes idmap config * : backend = tdb idmap config * : range = 2000-9999 idmap config EXAMPLE : backend = ad idmap config EXAMPLE : range = 10000-999999 idmap config EXAMPLE : schema_mode = rfc2307 printcap name = cups cups options = raw usershare allow guests = yes domain master = no local master = no preferred master = no os level = 20 map to guest = bad user vfs objects = acl_xattr map acl inherit = Yes store dos attributes = Yes Compare it with yours, I can assure you it works. Rowland
Hi Rowland,
I forgot to tell you the results were from my Domain Controller and
not the member server. Member server returned something to the effect of
'user not found'. I am only starting the 3 services(smbd,nmbd and
windbindd) listed in the wiki. Should I be starting Samba with command
line switches to start as a member server? Is that even possible?
Thanks for you smb.conf. I will attempt again using your smb.conf
as a template and try again.
On 12/31/2014 2:20 PM, Rowland Penny wrote:> On 31/12/14 19:07, James wrote:
>> Rowland,
>>
>> I decided to start over with a fresh install and attempted again.
>> Only change I made was to start my mappings at 10000. I gave
'Domain
>> Users' group gid 10000 and 'tuser' has uid 10001. Still
didn't work btw.
>>
>> dn: CN=Test User,CN=Users,DC=domain,DC=local
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: user
>> cn: Test User
>> sn: User
>> givenName: Test
>> instanceType: 4
>> whenCreated: 20141231172021.0Z
>> displayName: Test User
>> uSNCreated: 477557
>> name: Test User
>> objectGUID: 90f95763-fe52-42b9-af86-8a84a4d5dd78
>> userAccountControl: 66048
>> codePage: 0
>> countryCode: 0
>> pwdLastSet: 130645200220000000
>> primaryGroupID: 513
>> objectSid: S-1-5-21-940051827-2291820289-3341758437-3126
>> accountExpires: 9223372036854775807
>> sAMAccountName: tuser
>> sAMAccountType: 805306368
>> userPrincipalName: tuser at domain.local
>> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=local
>> unixUserPassword: ABCD!efgh12345$67890
>> uid: tuser
>> msSFU30Name: tuser
>> msSFU30NisDomain: domain
>> uidNumber: 10001
>> loginShell: /bin/sh
>> unixHomeDirectory: /home/tuser
>> gidNumber: 10000
>> whenChanged: 20141231185807.0Z
>> uSNChanged: 477620
>> distinguishedName: CN=Test User,CN=Users,DC=domain,DC=local
>>
>>
>> On 12/31/2014 1:50 PM, Rowland Penny wrote:
>>> On 31/12/14 18:28, James wrote:
>>>> Hi Rowland,
>>>>
>>>> passwd: compat winbind
>>>> group: compat winbind
>>>>
>>>> 'getent passwd tuser' results in a blank terminal line.
>>>>
>>>>
>>>> On 12/31/2014 1:12 PM, Rowland Penny wrote:
>>>>> On 31/12/14 17:55, James wrote:
>>>>>> Hi Rowland,
>>>>>>
>>>>>> I did. Unfortunately something is still amiss. I do
receive a
>>>>>> response from 'getent group domain
users'(users:x:100).
>>>>>>
>>>>>> On 12/31/2014 12:26 PM, Rowland Penny wrote:
>>>>>>> On 31/12/14 17:23, James wrote:
>>>>>>>> Rowland,
>>>>>>>>
>>>>>>>> I set a user with a uid and domain users
group with a gid
>>>>>>>> but I'm still unable to view them using
'id'. I do notice a few
>>>>>>>> strange observations. If I go to another user
to attempt to
>>>>>>>> assign a uid. I get the default value of 10000.
I would expect
>>>>>>>> 2001 given I set the first user with uid 2000.
Groups however
>>>>>>>> appear to increment.
>>>>>>>>
>>>>>>>> On 12/31/2014 10:52 AM, Rowland Penny wrote:
>>>>>>>>> On 31/12/14 15:42, James wrote:
>>>>>>>>>> Hello Stefan,
>>>>>>>>>>
>>>>>>>>>> I learned the hard way about
.local. I understand going
>>>>>>>>>> forward.
>>>>>>>>>>
>>>>>>>>>> I do have an issue with the member
server. Following along
>>>>>>>>>> with the wiki I get stuck at
'Testing the Winbind user/group
>>>>>>>>>> mapping'. Wbinfo works as expected
but not
>>>>>>>>>>
>>>>>>>>>> #*id DomainUser*
>>>>>>>>>>
>>>>>>>>>> #*getent passwd*
>>>>>>>>>>
>>>>>>>>>> #*getent group*
>>>>>>>>>>
>>>>>>>>>> #*chown DomainUser:DomainGroup file*
>>>>>>>>>>
>>>>>>>>>> #*chgrp DomainGroup file*
>>>>>>>>>>
>>>>>>>>>> etc.
>>>>>>>>>>
>>>>>>>>>> I receive 'id: sambauser: No such
user'. It will only
>>>>>>>>>> retrieve local machine users. Let me
preface by saying this
>>>>>>>>>> is a Ubuntu 12.04 server with Samba
4.1.14. Thanks.
>>>>>>>>>>
>>>>>>>>>> On 12/31/2014 10:00 AM, Stefan Kania
wrote:
>>>>>>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>>>>>>> Hash: SHA1
>>>>>>>>>>>
>>>>>>>>>>> Hello James,
>>>>>>>>>>>
>>>>>>>>>>> Am 31.12.2014 um 15:48 schrieb
James:> Hello,
>>>>>>>>>>>> I'm following along with
the wiki(Setup a Samba AD Member
>>>>>>>>>>>> Server)
>>>>>>>>>>>> and I have a question after
reading the 'Set up a basic
>>>>>>>>>>>> smb.conf'
>>>>>>>>>>>> section.
>>>>>>>>>>> Please show us your smb.conf
>>>>>>>>>>>
>>>>>>>>>>> Do I need to extend the schema in
order for my member
>>>>>>>>>>> server to
>>>>>>>>>>>> successfully join and service
file shares?
>>>>>>>>>>> No, you dont have to.
>>>>>>>>>>>
>>>>>>>>>>> Do I need to configure a
>>>>>>>>>>>> krb5.conf file? Thanks.
>>>>>>>>>>> If your DC is a samba4 DC just copy
krb5.conf to your new
>>>>>>>>>>> memberserver
>>>>>>>>>>> Stefan
>>>>>>>>>>>
>>>>>>>>>>> - -- Stefan Kania
>>>>>>>>>>> Landweg 13
>>>>>>>>>>> 25693 St. Michaelisdonn
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Signieren jeder E-Mail hilft Spam
zu reduzieren. Signieren
>>>>>>>>>>> Sie ihre
>>>>>>>>>>> E-Mail. Weiter Informationen unter
http://www.gnupg.org
>>>>>>>>>>>
>>>>>>>>>>> Mein Schl?ssel liegt auf
>>>>>>>>>>>
>>>>>>>>>>> hkp://subkeys.pgp.net
>>>>>>>>>>>
>>>>>>>>>>> -----BEGIN PGP SIGNATURE-----
>>>>>>>>>>> Version: GnuPG v1
>>>>>>>>>>>
>>>>>>>>>>>
iEYEARECAAYFAlSkD3EACgkQ2JOGcNAHDTZdlwCgwsQF0g/pFp65ldcTMWDcJ1O7
>>>>>>>>>>>
>>>>>>>>>>> LScAoLDzorUJNDCik4FP9dBUxKCbAbGN
>>>>>>>>>>> =SOSt
>>>>>>>>>>> -----END PGP SIGNATURE-----
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> If you followed the wiki, you will be using
the 'ad' backend.
>>>>>>>>> For this to work, you need to add
'uidNumber' attributes to
>>>>>>>>> your users and a 'gidNumber'
attribute to at least the Domain
>>>>>>>>> Users group. the numbers that you add must
be between the
>>>>>>>>> range you set in your smb.conf, again if
you followed the
>>>>>>>>> wiki, this will be between 500-40000.
>>>>>>>>>
>>>>>>>>> Rowland
>>>>>>>>
>>>>>>>
>>>>>>> You have restarted samba, haven't you ?
>>>>>>> You may have to wait a short time, or clear the
cache with 'net
>>>>>>> cache flush'
>>>>>>>
>>>>>>> Rowland
>>>>>>>
>>>>>>
>>>>> OK, can you post the 'passwd' & 'group'
lines from /etc/nsswitch
>>>>>
>>>>> Do you get anything from 'getent passwd <a domain
user>'
>>>>>
>>>>> Rowland
>>>>>
>>>>
>>> OK, install ldb-tools if not already installed, then run:
>>>
>>> ldbedit -e nano -H /var/lib/samba/private/sam.ldb
sAMAccountName=tuser
>>>
>>> Post the (sanitized) result
>>>
>>> Rowland
>>>
>>
>
> OK, you added that user with ADUC (RSAT) and as such you are using the
> std windows start number 10000, which is the way I run samba. Here is
> my smb.conf from the laptop I am writing this on:
>
> [global]
> workgroup = EXAMPLE
> security = ADS
> realm = EXAMPLE.COM
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> server string = Samba 4 Client %h
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = yes
> winbind expand groups = 4
> winbind nss info = rfc2307
> winbind refresh tickets = Yes
> winbind normalize names = Yes
> idmap config * : backend = tdb
> idmap config * : range = 2000-9999
> idmap config EXAMPLE : backend = ad
> idmap config EXAMPLE : range = 10000-999999
> idmap config EXAMPLE : schema_mode = rfc2307
> printcap name = cups
> cups options = raw
> usershare allow guests = yes
> domain master = no
> local master = no
> preferred master = no
> os level = 20
> map to guest = bad user
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
>
> Compare it with yours, I can assure you it works.
>
> Rowland
>
--
-James