On 30/10/2020 13:17, Ralph Boehme wrote:> Am 10/30/20 um 12:39 PM schrieb Rowland penny via samba: >> On 30/10/2020 11:20, Ralph Boehme wrote: >>> Am 10/30/20 um 12:11 PM schrieb Rowland penny via samba: >>>> On 30/10/2020 11:06, Ralph Boehme via samba wrote: >>>>> Am 10/30/20 um 10:20 AM schrieb Thomas Besser via samba: >>>>>> Can I configure winbind to use 'local' users and groups from >>>>>> NSS? >>>>> there's idmap_nss that may work for you. >>>>> >>>>> -slow >>>> Already mentioned that, problem is it is an allocating backend, >>>> unless I am reading the manpage wrong. >>> ah, missed that. :) >>> >>> idmap_nss is not an allocating backend, I guess the manpage text >>> might be a bit misleading. >> A bit ? >> >> 'while using allocation to create new mappings' > well, the full text reads: > > This example shows how to use idmap_nss to check the local accounts > for its own domain while using allocation to create new mappings for > trusted domains > > [global] > idmap config * : backend = tdb > idmap config * : range = 1000000-1999999 > > idmap config SAMBA : backend = nss > idmap config SAMBA : range = 1000-999999 > > As trusted domains are handled by the default domain *, the sentence is > correct. > > Patches welcome to improve the wording. :) > > -slow >OK, before I go to the trouble of creating a patch, how about this instead: ? This example shows how to use idmap_nss to obtain the local account ? ID's for its own domain (SAMBA) from NSS, whilst allocating new mappings ? for the default domain (*) and any trusted domains. Rowland
Am 10/30/20 um 2:33 PM schrieb Rowland penny via samba:> On 30/10/2020 13:17, Ralph Boehme wrote: >> Patches welcome to improve the wording. :) >> > OK, before I go to the trouble of creating a patch, how about this instead: > > ? This example shows how to use idmap_nss to obtain the local account > ? ID's for its own domain (SAMBA) from NSS, whilst allocating new mappings > ? for the default domain (*) and any trusted domains.perfect! :) Thanks! -slow -- Ralph Boehme, Samba Team https://samba.org/ Samba Developer, SerNet GmbH https://sernet.de/en/samba/ GPG-Fingerprint FAE2C6088A24252051C559E4AA1E9B7126399E46 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20201030/3b7a4fe9/signature.sig>
Maybe add, Make sure you dont overlap the local user ID. The first create user on linux is often 1000 The example starts with 1000.. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Ralph Boehme via samba > Verzonden: vrijdag 30 oktober 2020 14:43 > Aan: Rowland penny; sambalist > Onderwerp: Re: [Samba] Samba as AD member & without winbind... > > Am 10/30/20 um 2:33 PM schrieb Rowland penny via samba: > > On 30/10/2020 13:17, Ralph Boehme wrote: > >> Patches welcome to improve the wording. :) > >> > > OK, before I go to the trouble of creating a patch, how > about this instead: > > > > ? This example shows how to use idmap_nss to obtain the > local account > > ? ID's for its own domain (SAMBA) from NSS, whilst > allocating new mappings > > ? for the default domain (*) and any trusted domains. > > perfect! :) > > Thanks! > -slow > > -- > Ralph Boehme, Samba Team https://samba.org/ > Samba Developer, SerNet GmbH https://sernet.de/en/samba/ > GPG-Fingerprint FAE2C6088A24252051C559E4AA1E9B7126399E46 > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On 30/10/2020 13:44, L.P.H. van Belle wrote:> Maybe add, > > Make sure you dont overlap the local user ID. > The first create user on linux is often 1000 > The example starts with 1000.. >That is the whole point behind idmap_nss, it reads a user from AD, then finds a user with the same name in /etc/passwd and maps the two together (I think). Rowland