Hello,
I traditionally use the 'ad' backend on member machines with
rfc2307. I decided to give 'rid' a go on a server only performing
authentication. Everything went well with join but I have a few
questions. First my smb.conf on Ubuntu 16.04.4 LTS
[global]
security = ADS
workgroup = DOMAIN
realm = DOMAIN.LOCAL
log file = /var/log/samba/%m.log
log level = 1
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config DOMAIN : backend = rid
idmap config DOMAIN : range 10000-999999
winbind nss info = template
template shell = /bin/bash
template homedir = /home/%U
Output of 'getent group'
getent group "DOMAIN\\Domain Users"
DOMAIN\domain users:x:10513:
Output of 'getent passwd'
getent passwd DOMAIN\\James
DOMAIN\James:*:14659:10513:James Test:/home/james:/bin/bash
My other member servers that utilize the 'ad' backend utilize the same
DOMAIN range of 10000-999999 and I assign uid's and gid's via. RSAT.
* Is it OK to run multiple member servers with different domain
backends in a forest?
* Is it OK to use the same range with different domain backends?
Thanks.
--
--
James