On Thu, 28 Mar 2024 11:12:12 +0100
Arnaud Bougeard via samba <samba at lists.samba.org> wrote:

> Hello
>
> I think I have a mapping problem.
>
> The server was added to the domain with sudo net ads join -U
> adj-compo at ur.local
>
> The server is also connected to an LDAP server via SSD
>
> When loading the user's homes, the server does not look for the
> correct homedir path which should be /private/student/7/17/tdsi917
> for the user tdsi917
>
> Here are the values and variables retrieved by the 3 commands:
>
> # getent passwd ur\\tdsi917
> tdsi917:*:16945606:16977729::/home/UR/tdsi917:/bin/false
>
> # getent passwd tdsi917
> tdsi917:*:122025:99999:test dsi917:/private/student/7/17/tdsi917:/usr/local/bin/ur1shell
>
> # id tdsi917
> uid=122025(tdsi917) gid=99999 groupes=99999,16945606(tdsi917),16977729(domain users),17138962($ijv700-jaannteirkd3),17169934($ert800-5ggunedtuc7k),17121891($3ue700-90qmsldqmphu),16975181($da1600-8q4gb3joj2c9),17156453($5mg800-qp8djjrmdrod),17155068($saf800-r89h2bc6j7a6),17098681($p8o600-b3lnss0ku69r),17098673($h8o600-asepe2uhj93k),17121890($2ue700-3vk366s8s8nf),17169935($frt800-8l9h6ago3m6l),17131976($8po700-dj95nr2nh69g),17138960($gjv700-3rcp24o2rlvs),17131837($tko700-b5g5n6ti3aor),17138961($hjv700-5pebr12ui2pt),16974329($pf0600-svtpf15svlnj),17144064($0j4800-12qqqai06tc5),16966428($soo500-kso5c5o4qd6c),17169933($drt800-91fnd965nvcg),17169365($l9t800-1i3jm4qpr31r),16777217(BUILTIN\users)
>
>
> Here is my samba config /etc/samba/smb.conf
> [global]
> netbios name = spartacus-test
> workgroup = ur
> realm = UR.LOCAL

I do hope that '.local' is sanitisation for your correct TLD.

> log file = /var/log/samba/%m.log
> log level = 3
> security = ads
> idmap config * : backend = tdb
> idmap config * : range = 16777216-33554431

The default domain '*' is meant for the Well Known SIDs (and there are
less than 200 of them) and anything outside the 'UR' domain (so really
0), so why have you got a range that allows for 16 million, seven
hundred and seventy seven thousand, two hundred and twenty five users?

> idmap config UR : unix_nssinfo = no
> idmap config UR: schema_mode = rfc2307

It looks to me that you are possibly wanting to use the 'ad' idmap
backend for the 'UR' domain, if so, you are a couple of lines missing
(at least)

    idmap config UR : backend = ad
    idmap config UR : range = 10000-999999

Though this will require that you have added rfc2307 attributes to AD,
have you done this?

Rowland

Thanks Rowland for your answer.

I passed the idmap config UR parameter: unix_nss_info to yes and it works.

I work in a university with a large number of users.
The RIDs, which I understand as the last digits of the SID, are from 1000 to 300000 and the uids from the LDAP are from 500 to 29009894.
So I don't really know what to do with it?

I modified idmap to:

    idmap config * : backend = tdb
    idmap config * : range = 16777216-33554431
    idmap config UR : backend = ad
    idmap config UR : range = 1000-350000
    idmap config UR : unix_nss_info = yes

Is it good?

----- Original message -----
From: "Rowland Penny via samba" <samba at lists.samba.org>
To: samba at lists.samba.org
Cc: "Rowland Penny" <rpenny at samba.org>
Sent: Thursday 28 March 2024 12:03:37
Subject: Re: [Samba] bad home path from AD
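
Added example, not part of the thread: a small Python check that parses the `idmap config ... : range` lines from the configuration proposed in the last message and reports where those ranges intersect each other or the LDAP uid span mentioned there. The `ldap` label, the function names, and treating the LDAP uids as one contiguous span are assumptions made for this illustration.

```python
import re

# Constructed input: the idmap lines proposed in the last message of the thread.
SMB_CONF = """\
[global]
idmap config * : backend = tdb
idmap config * : range = 16777216-33554431
idmap config UR : backend = ad
idmap config UR : range = 1000-350000
idmap config UR : unix_nss_info = yes
"""
# Assumption: the LDAP uids quoted in the thread form one contiguous span.
EXTERNAL = {"ldap": (500, 29009894)}

LINE = re.compile(r"^\s*idmap config\s+(.+?)\s*:\s*([\w ]+?)\s*=\s*(.*?)\s*$", re.I)

def idmap_ranges(conf):
    """Return {domain: (low, high)} for every 'idmap config DOM : range' line."""
    spans = {}
    for line in conf.splitlines():
        m = LINE.match(line)
        if m and m.group(2).lower() == "range":
            low, high = (int(x) for x in m.group(3).split("-"))
            spans[m.group(1).upper()] = (low, high)
    return spans

def overlaps(spans):
    """Return (name_a, name_b, (low, high)) for each pair of spans that intersect."""
    names, found = sorted(spans), []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            low = max(spans[a][0], spans[b][0])
            high = min(spans[a][1], spans[b][1])
            if low <= high:
                found.append((a, b, (low, high)))
    return found

def claimants(spans, xid):
    """Names of every span that could hand out this uid/gid number."""
    return sorted(n for n, (low, high) in spans.items() if low <= xid <= high)

def audit(conf=SMB_CONF, external=EXTERNAL):
    """Merge the smb.conf idmap ranges with ID spans owned by other sources."""
    return {**idmap_ranges(conf), **external}

if __name__ == "__main__":
    spans = audit()
    for a, b, (low, high) in overlaps(spans):
        print(f"OVERLAP {a} / {b}: {low}-{high}")
    for xid in (122025, 16945606):  # the two uids getent returned for tdsi917
        print(xid, "is inside:", claimants(spans, xid))
```

A number claimed by more than one source is ambiguous when it is mapped back to an account, so each reported overlap is a span where file ownership and group membership can resolve to the wrong identity.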