samba - Mar 2019 - idmaps, again

On Fri, 22 Mar 2019 16:11:58 +0100
"Stefan G. Weichinger via samba" <samba at lists.samba.org>
wrote:
> Am 22.03.19 um 11:43 schrieb Stefan G. Weichinger via samba:
> > Am 22.03.19 um 11:01 schrieb Rowland Penny via samba:
> >   
> >>> Would the users itself need some editing as well (inside
> >>> LDAP/AD)?  
> >>
> >> This is really up to you, you could, if you so wish, remove all
the
> >> rfc2307 attributes from AD, or you could just ignore them.  
> > 
> > nice. sounds like my weekend project ;-)   *sigh*
> > 
> > thanks a lot ... will check my backups asap  
> 
> change is through, my tests look good to me
> 
> I now run on the DM server:
> 
> 
> # samba-tool testparm
> 
> [global]
> 	dedicated keytab file = /etc/krb5.keytab
> 	interfaces = bond0
> 	kerberos method = secrets and keytab
> 	log file = /var/log/samba/%m.log
> 	log level = 2
> 	printcap name = /dev/null
> 	realm = ARBEITSGRUPPE.MY-TLD.AT
> 	security = ADS
> 	template homedir = /mnt/samba/Daten/%U
> 	template shell = /bin/bash
> 	username map = /etc/samba/user.map
> 	winbind nss info = template
> 	winbind refresh tickets = Yes
> 	winbind use default domain = Yes
> 	workgroup = ARBEITSGRUPPE
> 	idmap config arbeitsgruppe:schema_mode = rfc2307
> 	idmap config arbeitsgruppe:unix_nss_info = yes
You can remove the two lines above, they are not used with the 'rid'
backend.

Rowland

Am 22.03.19 um 16:35 schrieb Rowland Penny via samba:
> On Fri, 22 Mar 2019 16:11:58 +0100
> "Stefan G. Weichinger via samba" <samba at lists.samba.org>
wrote:
> 
>> Am 22.03.19 um 11:43 schrieb Stefan G. Weichinger via samba:
>>> Am 22.03.19 um 11:01 schrieb Rowland Penny via samba:
>>>   
>>>>> Would the users itself need some editing as well (inside
>>>>> LDAP/AD)?  
>>>>
>>>> This is really up to you, you could, if you so wish, remove all
the
>>>> rfc2307 attributes from AD, or you could just ignore them.  
>>>
>>> nice. sounds like my weekend project ;-)   *sigh*
>>>
>>> thanks a lot ... will check my backups asap  
>>
>> change is through, my tests look good to me
>>
>> I now run on the DM server:
>>
>>
>> # samba-tool testparm
>>
>> [global]
>> 	dedicated keytab file = /etc/krb5.keytab
>> 	interfaces = bond0
>> 	kerberos method = secrets and keytab
>> 	log file = /var/log/samba/%m.log
>> 	log level = 2
>> 	printcap name = /dev/null
>> 	realm = ARBEITSGRUPPE.MY-TLD.AT
>> 	security = ADS
>> 	template homedir = /mnt/samba/Daten/%U
>> 	template shell = /bin/bash
>> 	username map = /etc/samba/user.map
>> 	winbind nss info = template
>> 	winbind refresh tickets = Yes
>> 	winbind use default domain = Yes
>> 	workgroup = ARBEITSGRUPPE
>> 	idmap config arbeitsgruppe:schema_mode = rfc2307
>> 	idmap config arbeitsgruppe:unix_nss_info = yes
> 
> You can remove the two lines above, they are not used with the
'rid'
> backend.
done, nice, thanks ;-)

I now wait for their admin to click around and test his PCs etc

Am 22.03.19 um 19:03 schrieb Stefan G. Weichinger via samba:
> I now wait for their admin to click around and test his PCs etc
Just to close here (hopefully) and add "resolved, thanks!":

resolved, thanks!

;-)

Stefan