the documentation says idmap config SAMDOM: backend = ad idmap config SAMDOM: schema_mode = rfc2307 idmap config SAMDOM: range = 10000-999999 Why the parameter idmap config SAMDOM: range = 10000-999999 if the guig uuid is defined on the side AD в Unix Attributes 15.06.2018 12:18, Rowland Penny via samba пишет:> If you did, then you must have completely misunderstood it, you need > 'idmap config' lines (and other lines)
On Fri, 15 Jun 2018 13:27:30 +0500 Шигапов Денис Вильданович via samba <samba at lists.samba.org> wrote:> the documentation says > > idmap config SAMDOM: backend = ad > idmap config SAMDOM: schema_mode = rfc2307 > idmap config SAMDOM: range = 10000-999999 > Why the parameter > idmap config SAMDOM: range = 10000-999999 if the > guig uuid is defined on the side AD в Unix AttributesI think you are asking 'why do I need these lines, If I have added uidNumber & gidNumber attributes to AD' You need them because all your users & groups will be ignored (i.e. as is happening now) by Samba, unless you have them. You also need the other two lines: idmap config * : backend = tdb idmap config * : range = 3000-7999 These are required for the 'Well Known SIDs' and anything else outside the domain. Also the 'SAMDOM' range must reflect the range of the uidNumber & gidNumber attributes you have set in AD, any that are outside the range will be ignored. You also need to replace 'SAMDOM' with your workgroup name (not your realm) Rowland
Many thanks and after writing Unix attributes in AD and executing the command "net cache flush" uuid, guid will be the same in DC server and Share servers 15.06.2018 13:46, Rowland Penny via samba пишет:> I think you are asking 'why do I need these lines, If I have added > uidNumber & gidNumber attributes to AD' > > You need them because all your users & groups will be ignored (i.e. as > is happening now) by Samba, unless you have them. > > You also need the other two lines: > > idmap config * : backend = tdb > idmap config * : range = 3000-7999 > > These are required for the 'Well Known SIDs' and anything else outside > the domain. > > Also the 'SAMDOM' range must reflect the range of the uidNumber & > gidNumber attributes you have set in AD, any that are outside the range > will be ignored. > > You also need to replace 'SAMDOM' with your workgroup name (not your > realm)-- Шигапов Денис системный администратор группы компаний "Стройландия" тел. 8 3532 997-777 доб. 8715 сот. 8 906 837-60-79 email denis.shigapov at stroylandiya.ru web https://stroylandiya.ru