On Wed, 12 Oct 2016 11:20:55 -0600
jacek burghardt <jaceksburghardt at gmail.com> wrote:
> I will try it.Is interesting i added new user to ad and i get this
> error get_user_from_kerberos_info: Username HEBE+zachary is invalid
> on this system I have this
> idmap config * : backend = rid
> idmap config * : range = 10000-20000
> idmap config HEBE : backend = ad
> idmap config HEBE : schema_mode = rfc2307
> idmap config HEBE : range = 50000-99999
> username map = /etc/samba/user.map
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
the '*' backend should be tdb and is used to store BUILTIN users and
groups. Your domain users & groups should stored in 'HEBE', but, as
you
have used the 'ad' backend, you will need to give your users a
uidNumber attribute inside '50000-99999', you will also have to give
'Domain Users' a gidNumber attribute inside the same range. These
attributes are not added automatically. If you use the 'rid' backend,
the id numbers will be mapped automatically and there is no need to
change AD.
Rowland