BOTZ Franck (Informaticien) - DDT 67/SG/MGI/CI
2013-Feb-20 20:05 UTC
[Samba] Samba 4 DC - idmap config on a samba 4 member server
Hi
I configure a member server as discribe on this page :
http://wiki.samba.org/index.php/Samba4/Domain_Member
My smb.conf looks like that :
[global]
workgroup = DDCS
security = ADS
realm = DDCS.LOCAL
encrypt passwords = yes
idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config DDCS:backend = ad
idmap config DDCS:schema_mode = rfc2307
idmap config DDCS:range = 500-40000
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
With this config, wbinfo -u and -g works fine but getent passwd or group
don't display AD user or group.
I test that :
[global]
workgroup = DDCS
security = ADS
realm = YOUR.SAMBA.DOMAIN.NAME
encrypt passwords = yes
idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config TEST:backend = ad
idmap config TEST:schema_mode = rfc2307
idmap config TEST:range = 500-40000
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
The workgroup name didn't change but on idmap config I replace DDCS with
TEST (or anything else) and the getent commands are yet OK.
Why ?
Regards
Franck
BOTZ Franck (Informaticien) - DDT 67/SG/MGI/CI
2013-Feb-20 20:39 UTC
[Samba] Samba 4 DC - idmap config on a samba 4 member server
Without idmap line, it work too.
[global]
workgroup = DDCS
security = ADS
realm = DDCS.LOCAL
encrypt passwords = yes
# idmap config *:backend = tdb
# idmap config *:range = 70001-80000
# idmap config DDCS:backend = ad
# idmap config DDCS:schema_mode = rfc2307
# idmap config DDCS:range = 500-40000
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
What is the really role of idmap's line ?
I have of to miss something