On 03/11/2020 12:17, O'Connor, Daniel wrote:
> I tried setting uidNumber et al via the active directory editor and samba-ldbedit, however the mapping doesn't seem to change so I am wondering if it ends up stored somewhere else in the AD case.

Did you give 'Domain Users' a gidNumber ? without this, the uidNumber attributes are ignored.

>
>> The OP is using numbers in the '1000' range, this is something I wouldn't do, it leaves no space for local Unix users.
> These were migrated from an old (Samba 3 era) install, so it's vintage now ;)
>

That is just about the only reason to use them and even then I would think hard about setting up a new domain.

Rowland

> On 3 Nov 2020, at 23:21, Rowland penny via samba <samba at lists.samba.org> wrote:
> On 03/11/2020 12:17, O'Connor, Daniel wrote:
>> I tried setting uidNumber et al via the active directory editor and samba-ldbedit, however the mapping doesn't seem to change so I am wondering if it ends up stored somewhere else in the AD case.
> Did you give 'Domain Users' a gidNumber ? without this, the uidNumber attributes are ignored.

No, although I just tried it now but it doesn't appear to make a difference.

I set it via ADUC and checked via samba-ldbedit .. secrets.ldb

>>> The OP is using numbers in the '1000' range, this is something I wouldn't do, it leaves no space for local Unix users.
>> These were migrated from an old (Samba 3 era) install, so it's vintage now ;)
>>
> That is just about the only reason to use them and even then I would think hard about setting up a new domain.

Too late now :)

--
Daniel O'Connor
"The nice thing about standards is that there are so many of them to choose from."
 -- Andrew Tanenbaum

On 03/11/2020 13:05, O'Connor, Daniel wrote:
>
>> On 3 Nov 2020, at 23:21, Rowland penny via samba <samba at lists.samba.org> wrote:
>> On 03/11/2020 12:17, O'Connor, Daniel wrote:
>>> I tried setting uidNumber et al via the active directory editor and samba-ldbedit, however the mapping doesn't seem to change so I am wondering if it ends up stored somewhere else in the AD case.
>> Did you give 'Domain Users' a gidNumber ? without this, the uidNumber attributes are ignored.
> No, although I just tried it now but it doesn't appear to make a difference.
>
> I set it via ADUC and checked via samba-ldbedit .. secrets.ldb
>

If your users have a unique uidNumber attribute and Domain Users has a gidNumber attribute, it should work on a DC, provided that you also have 'idmap_ldb:use rfc2307 = yes' in smb.conf, I keep forgetting that one

Rowland
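
The three conditions named in the last reply (unique uidNumber values, a gidNumber on Domain Users, and 'idmap_ldb:use rfc2307 = yes' in smb.conf) can be checked together. This is an added example, not part of the thread or of Samba; the function names, the example.internal domain and the sample smb.conf and LDIF text are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample data (not from the thread): an smb.conf [global]
# section and ldbsearch-style LDIF records for two users and Domain Users.
SMB_CONF = """\
[global]
    server role = active directory domain controller
    idmap_ldb:use rfc2307 = yes
"""
LDIF = """\
dn: CN=alice,CN=Users,DC=example,DC=internal
sAMAccountName: alice
uidNumber: 10001

dn: CN=bob,CN=Users,DC=example,DC=internal
sAMAccountName: bob
uidNumber: 10001

dn: CN=Domain Users,CN=Users,DC=example,DC=internal
sAMAccountName: Domain Users
"""

def parse_ldif(text):
    """Split LDIF text into records, each a dict of attribute -> value."""
    blocks = re.split(r"\n\s*\n", text.strip())
    return [dict(l.split(": ", 1) for l in b.splitlines() if ": " in l) for b in blocks]

def rfc2307_enabled(conf):
    """True if an uncommented 'idmap_ldb:use rfc2307' line has a true value."""
    m = re.search(r"^\s*idmap_ldb:use rfc2307\s*=\s*(\S+)", conf, re.I | re.M)
    return bool(m) and m.group(1).lower() in ("yes", "true", "on", "1")

def check(conf, ldif):
    """Return a list of findings for the three conditions named in the reply."""
    recs = parse_ldif(ldif)
    findings = []
    if not rfc2307_enabled(conf):
        findings.append("smb.conf: idmap_ldb:use rfc2307 is not yes")
    groups = [r for r in recs if r.get("sAMAccountName") == "Domain Users"]
    if not any("gidNumber" in r for r in groups):
        findings.append("Domain Users has no gidNumber")
    uids = Counter(r["uidNumber"] for r in recs if "uidNumber" in r)
    findings += [f"uidNumber {u} used by {n} accounts" for u, n in uids.items() if n > 1]
    return findings

if __name__ == "__main__":
    print("\n".join(check(SMB_CONF, LDIF)) or "all three conditions hold")
```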