Rowland Penny
2021-Aug-25 13:16 UTC
[Samba] Problem connecting Samba and Windows Active Directory
On Wed, 2021-08-25 at 12:55 +0000, Luca Bertoncello via samba wrote:> Getent passwd shows only local users. No AD-users at all... ? > > The Users in AD don't have a uidNumber and don't have "Domain Users" > as Group (we use another Group as primary one).Then the winbind 'ad' backend will never work and you will never have any AD users & groups as Unix users and groups. Replace this block in smb.conf: idmap config * : range = 2000-10000 idmap config AD-QUEO-ORG : backend = ad idmap config AD-QUEO-ORG : range = 200000-1000200000 idmap config AD-QUEO-ORG : unix_primary_group = yes idmap config AD-QUEO-ORG : schema_mode = rfc2307 idmap config AD-QUEO-ORG : unix_nss_info = yes With this: idmap config * : range = 3000-7999 idmap config AD-QUEO-ORG : backend = rid idmap config AD-QUEO-ORG : range = 10000-1000200000 It is either that, or start populating AD with uidNumber & gidNumber attributes. Rowland
Luca Bertoncello
2021-Aug-25 13:24 UTC
[Samba] Problem connecting Samba and Windows Active Directory
Hi Rowland, I got it working for myself... As information: I need to change the smb.conf. Now it seems to work as expected. Hopefully for a long time... Thanks Luca -----Urspr?ngliche Nachricht----- Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Rowland Penny via samba Gesendet: Mittwoch, 25. August 2021 15:16 An: samba at lists.samba.org Betreff: Re: [Samba] Problem connecting Samba and Windows Active Directory On Wed, 2021-08-25 at 12:55 +0000, Luca Bertoncello via samba wrote:> Getent passwd shows only local users. No AD-users at all... ? > > The Users in AD don't have a uidNumber and don't have "Domain Users" > as Group (we use another Group as primary one).Then the winbind 'ad' backend will never work and you will never have any AD users & groups as Unix users and groups. Replace this block in smb.conf: idmap config * : range = 2000-10000 idmap config AD-QUEO-ORG : backend = ad idmap config AD-QUEO-ORG : range = 200000-1000200000 idmap config AD-QUEO-ORG : unix_primary_group = yes idmap config AD-QUEO-ORG : schema_mode = rfc2307 idmap config AD-QUEO-ORG : unix_nss_info = yes With this: idmap config * : range = 3000-7999 idmap config AD-QUEO-ORG : backend = rid idmap config AD-QUEO-ORG : range = 10000-1000200000 It is either that, or start populating AD with uidNumber & gidNumber attributes. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Christian Naumer
2021-Aug-25 13:32 UTC
[Samba] Problem connecting Samba and Windows Active Directory
On 25.08.21 15:16, Rowland Penny via samba wrote:> On Wed, 2021-08-25 at 12:55 +0000, Luca Bertoncello via samba wrote: >> Getent passwd shows only local users. No AD-users at all... ? >> >> The Users in AD don't have a uidNumber and don't have "Domain Users" >> as Group (we use another Group as primary one). > > Then the winbind 'ad' backend will never work and you will never have > any AD users & groups as Unix users and groups. > > Replace this block in smb.conf: > > idmap config * : range = 2000-10000 > idmap config AD-QUEO-ORG : backend = ad > idmap config AD-QUEO-ORG : range = 200000-1000200000 > idmap config AD-QUEO-ORG : unix_primary_group = yes > idmap config AD-QUEO-ORG : schema_mode = rfc2307 > idmap config AD-QUEO-ORG : unix_nss_info = yes > > With this: > > idmap config * : range = 3000-7999 > idmap config AD-QUEO-ORG : backend = rid > idmap config AD-QUEO-ORG : range = 10000-1000200000 > > It is either that, or start populating AD with uidNumber & gidNumber > attributes.The Data on the server will then have "new" owners. Just be aware of that. Regards -- Dr. Christian Naumer Vice President Unit Head Bioprocess Development BRAIN Biotech AG Darmstaedter Str. 34-36, D-64673 Zwingenberg e-mail cn at brain-biotech.com, homepage www.brain-biotech.com phone +49-6251-9331-30 / fax +49-6251-9331-11 Sitz der Gesellschaft: Zwingenberg/Bergstrasse Registergericht AG Darmstadt, HRB 24758 Vorstand: Adriaan Moelker (Vorstandsvorsitzender), Lukas Linnig Aufsichtsratsvorsitzender: Dr. Georg Kellinghusen