Thanks Rowland for your answer.
I passed the idmap config UR parameter: unix_nss_info to yes and it works.
I work in a university with a large number of users.
The RIDs, which I understand to be the last digits of the SID, are from 1000 to
300000 and the uids from the LDAP are from 500 to 29009894.
So I don't really know what to do with it.
I modified idmap to:
idmap config * : backend = tdb
idmap config * : range = 16777216-33554431
idmap config UR : backend = ad
idmap config UR : range = 1000-350000
idmap config UR : unix_nss_info = yes
Is it good?
----- Original message -----
From: "Rowland Penny via samba" <samba at lists.samba.org>
To: samba at lists.samba.org
Cc: "Rowland Penny" <rpenny at samba.org>
Sent: Thursday 28 March 2024 12:03:37
Subject: Re: [Samba] bad home path from AD
On Thu, 28 Mar 2024 11:12:12 +0100
Arnaud Bougeard via samba <samba at lists.samba.org> wrote:
> Hello
>
> I think I have a mapping problem.
>
> The server was added to the domain with sudo net ads join -U
> adj-compo at ur.local
>
> The server is also connected to an LDAP server via SSSD
>
> When loading the user's homes, the server does not look for the
> correct homedir path which should be /private/student/7/17/tdsi917
> for the user tdsi917
>
> Here are the values and variables retrieved by the 3 commands:
>
> # getent passwd ur\\tdsi917
> tdsi917:*:16945606:16977729::/home/UR/tdsi917:/bin/false
>
> # getent passwd tdsi917
> tdsi917:*:122025:99999:test dsi917:/private/student/7/17/tdsi917:/usr/local/bin/ur1shell
>
> # id tdsi917
> uid=122025(tdsi917) gid=99999 groupes=99999,16945606(tdsi917),16977729(domain users),17138962($ijv700-jaannteirkd3),17169934($ert800-5ggunedtuc7k),17121891($3ue700-90qmsldqmphu),16975181($da1600-8q4gb3joj2c9),17156453($5mg800-qp8djjrmdrod),17155068($saf800-r89h2bc6j7a6),17098681($p8o600-b3lnss0ku69r),17098673($h8o600-asepe2uhj93k),17121890($2ue700-3vk366s8s8nf),17169935($frt800-8l9h6ago3m6l),17131976($8po700-dj95nr2nh69g),17138960($gjv700-3rcp24o2rlvs),17131837($tko700-b5g5n6ti3aor),17138961($hjv700-5pebr12ui2pt),16974329($pf0600-svtpf15svlnj),17144064($0j4800-12qqqai06tc5),16966428($soo500-kso5c5o4qd6c),17169933($drt800-91fnd965nvcg),17169365($l9t800-1i3jm4qpr31r),16777217(BUILTIN\users)
>
>
> Here is my samba config /etc/samba/smb.conf
> [global]
> netbios name = spartacus-test
> workgroup = ur
> realm = UR.LOCAL

I do hope that '.local' is sanitisation for your correct TLD.

> log file = /var/log/samba/%m.log
> log level = 3
> security = ads
> idmap config * : backend = tdb
> idmap config * : range = 16777216-33554431

The default domain '*' is meant for the Well Known SIDs (and there are
less than 200 of them) and anything outside the 'UR' domain (so really
0), so why have you got a range that allows for 16 million, seven
hundred and seventy seven thousand, two hundred and twenty five users?

> idmap config UR : unix_nssinfo = no
> idmap config UR: schema_mode = rfc2307

It looks to me that you are possibly wanting to use the 'ad' idmap
backend for the 'UR' domain, if so, you are missing a couple of lines
(at least):

idmap config UR : backend = ad
idmap config UR : range = 10000-999999

Though this will require that you have added rfc2307 attributes to AD,
have you done this?

Rowland