This samba file server is an ldap client and an AD client.
So the listening port is not a problem. I just worry about idmapping.
Arnaud
On 30/03/2024 at 09:19, Rowland Penny via samba wrote:
> On Thu, 28 Mar 2024 17:00:48 +0100 (CET)
> Arnaud Bougeard via samba <samba at lists.samba.org> wrote:
>
>> Thanks Rowland for your answer.
>>
>> I passed the idmap config UR parameter: unix_nss_info to yes and it
>> works
>>
>> I work in university with a large number of users.
>> The RIDs which I understand like the last digits of the SID are from
>> 1000 to 300000 and uid from the LDAP are from 500 to 29009894.
>>
>> So I don't really know what to do with it ?
>>
>> I modify idmap to:
>> idmap config * : backend = tdb
>> idmap config * : range = 16777216-33554431
>> idmap config UR : backend = ad
>> idmap config UR : range = 1000-350000
>> idmap config UR : unix_nss_info = yes
>> Is it good ?
>>
> You ignore the 'ldap', Samba will not 'talk' to it.
>
> You are running Samba with 'security = ADS' and it is a member of the
> 'UR' NetBIOS domain. This means that 'winbind' will look for and use
> the AD DCs in the 'UR' domain, it will not look for or use any other
> ldap.
>
> You may have a problem here, AD uses the ldap ports '389', '636',
> '3268' and '3269', ldap by default also uses '389' and '636'. You
> cannot have two programs using the same ports.
>
> I think you have a couple of options here:
> 1) Move everything that is in ldap to AD and then turn the ldap off.
> 2) Move the ldap to another machine and then somehow sync the users
> (including passwords) & groups to AD.
>
> Rowland
>