search for: idmap_ldb

...didn't, you might have thought you did, but you didn't, all the rfc2307 attributes are part of the standard schema. You actually will have provisioned with '--use-rfc2307', What this actually added to Samba AD was the ypServ30.ldif (which is the basic OUs etc required by IDMU) and ?idmap_ldb:use rfc2307 = yes? to the first DCs smb.conf (note: it isn't added when you join other DCs, you have to manually add it). Now with this setup, if you add uidNumber & gidNumber attributes, then they will be used on the DC instead of the normal '3000000' range of numbers, but if you...

...00 Douglas Bagnall via samba <samba at lists.samba.org> wrote: > On 12/06/24 04:12, Rowland Penny via samba wrote: > > On Tue, 11 Jun 2024 17:02:58 +0100 > > Luis Peromarta via samba <samba at lists.samba.org> wrote: > > > >> In what scenario should I use idmap_ldb:use rfc2307 = yes ? For > >> what purpose ? > > > > Good question. The only real use could be if you are adding rfc2307 > > attributes to AD AND using the DC as a fileserver (not recommended) > > AND also running Unix domain members using the 'ad' idmap bac...

...lt;samba at lists.samba.org> wrote: > > > On 12/06/24 04:12, Rowland Penny via samba wrote: > > > On Tue, 11 Jun 2024 17:02:58 +0100 > > > Luis Peromarta via samba <samba at lists.samba.org> wrote: > > > > > >> In what scenario should I use idmap_ldb:use rfc2307 = yes ? For > > >> what purpose ? > > > > > > Good question. The only real use could be if you are adding > > > rfc2307 attributes to AD AND using the DC as a fileserver (not > > > recommended) AND also running Unix domain members using t...

hello, So the idmap_ldb:use rfc2307 = yes in smb.conf is only used on the "first" provisioned DC, and it's not necessary on the others that have joined? If another DC has taken over the FSMO roles, does only that DC need to have the entry? Thanks! On Fri, Jun 21, 2024 at 4:44?AM Marco Gaiarin via samba &l...

...member servers. Regards, Le 04/06/2015 18:30, buhorojo a ?crit : > On 04/06/15 02:12, Brady, Mike wrote: >> I see that on the page >> https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC#Check_if_RFC2307_is_used_by_your_Domain_Controllers >> that >> >> idmap_ldb:use rfc2307 = yes >> >> is required on all DC when wanting to use RFC2307, but I can not find >> any mention of this parameter in the man pages or any explanation of >> exactly what it does anywhere else. >> >> I am using RFC2307 in my set up and do have this i...

...? If not, why did you use the '1000-9999' range for the NAVDOM NetBIOS domain ? As every Samba machine is a 'server', referring to a 'samba server' isn't enough, is it a DC, or is it a Unix domain member, or is it a standalone server ? OK, lets see if I can explain 'idmap_ldb:use rfc2307 = yes'. That parameter can only be used on a Samba AD DC, it does nothing on any other computer running Samba. So what does it do on a DC ? It is very simple, it allows the Samba AD DC to use any uidNumber & gidNumber attributes in AD instead of the '3000000' xidNumbers...

In what scenario should I use idmap_ldb:use rfc2307 = yes ? For what purpose ? I don?t see any use for it then. LP On Jun 11, 2024 at 16:56 +0100, samba at lists.samba.org <samba at lists.samba.org>, wrote: > > You could actually, but then you must never set 'idmap_ldb:use rfc2307 > = yes' on any DC. It is mutual...

On Tue, 11 Jun 2024 17:02:58 +0100 Luis Peromarta via samba <samba at lists.samba.org> wrote: > In what scenario should I use idmap_ldb:use rfc2307 = yes ? For what > purpose ? Good question. The only real use could be if you are adding rfc2307 attributes to AD AND using the DC as a fileserver (not recommended) AND also running Unix domain members using the 'ad' idmap backend. Even then, I am not convinced. > >...

On 12/06/24 04:12, Rowland Penny via samba wrote: > On Tue, 11 Jun 2024 17:02:58 +0100 > Luis Peromarta via samba <samba at lists.samba.org> wrote: > >> In what scenario should I use idmap_ldb:use rfc2307 = yes ? For what >> purpose ? > > Good question. The only real use could be if you are adding rfc2307 > attributes to AD AND using the DC as a fileserver (not recommended) AND > also running Unix domain members using the 'ad' idmap backend. Even > then, I a...

I use uids from this range for many, many years, since samba 3. :) And I want/need to use this range - to change it now would be a mess. And I need to be able to set them manually, not in an automatic way. By server I mean a domain member server. So on samba DC I have: "idmap_ldb:use rfc2307 = yes" And on a samba domain member server (that serves files to clients) I have idmap config * : backend = tdb ??? idmap config * : range = 20000-20999 ??? idmap config NAVIDOM:backend = ad ??? idmap config NAVIDOM:schema_mode = rfc2307 ??? idmap config NAVIDOM:range = 1...

All, In the past few days I have been experimenting with the mappings in Samba servers. Today is the DC day. Procedure: In my setup, I provisioned with rfc2307 schema. In fairness everyone should, as it?s free, and you can later use it or not. 'idmap_ldb:use rfc2307 = yes' is in the smb.conf , it?s there by default when the domain is provisioned with rfc2307 - this reads gidNumbers and uidNumbers for users from the rfc2307 attributes supplied when creating users and groups. I have created a couple of users and groups, ?Unix Admins? group (1000...

...nfig NAVIDOM:schema_mode = rfc2307 ??? idmap config NAVIDOM:range = 1000-9999 ??? idmap config NAVIDOM:unix_nss_info = yes ??? idmap config NAVIDOM:unix_primary_group = yes ??? winbind use default domain = yes ??? winbind nss info = rfc2307 As I understand, to use it this way I need the "idmap_ldb:use rfc2307 = yes" on DC? Or is there another way to directly map samba users and groups to linux users and groups? Best regards, Olaf Fr?czyk NAVI Sp. z o.o. Promienista 5/1 60-288 Pozna? mobile: +48609769035 phone: +48616622881 fax: +48616622882 http://www.navi.pl On 2024-06-20 11:22...

Me neither. AND only if you need to sync files from a DC to a member server or viceversa, so uids and gids match. Otherwise I?d say no use. Why idmap_ldb:use rfc2307 = yes? by default then??when provisioning with rfc2307 ? We are giving instructions to new users how to set up AD idmapping and it is so very complicated because of this, the documentation is confusing at times. If using AD idmap , give gidNumbers, but not to ?Domain Admins?, create a...

...had 'Unix Attributes' tabs, but Microsoft removed these when it stopped IDMU (at Windows 10). These tabs relied on the framework in ypServ30.ldif, but Samba (as far as I am aware) never used any of it. > > Correct ? > > If we provision without "--use-rfc2307 ?, then no ?idmap_ldb:use > rfc2307 = yes? lines in smb.conf in DCs, then no more worries about > ?Domain Admins? having gidNumber, no need for ?Unix Admins? and > complexity of the AD mapping is no longer there ? > > Is this correct ? Yes, very easy to test, just remove 'idmap_ldb:use rfc2307 = yes...

The question is, if without the option "use idmap_ldb:use rfc2307 = yes"? I will be able to set the uid, uidNumber, unixHomeDirectory and gid on the DC, as I can do it now? NAVI Sp. z o.o. Promienista 5/1 60-288 Pozna? mobile: +48609769035 phone: +48616622881 fax: +48616622882 http://www.navi.pl On 2024-06-20 12:32, Luis Peromarta via samba...

This looks OK, and is a member server config. We refer to DCs in this article http://samba.bigbird.es/doku.php?id=samba:no-need-for-use-rfc2307 You do not need "use idmap_ldb:use rfc2307 = yes" on a DC, unless under very special circumstances. This line in a DC does not affect your member servers, it only affects DCs. LP On Jun 20, 2024 at 11:26 +0100, Olaf Fr?czyk via samba <samba at lists.samba.org>, wrote: > > Hello, > > Why is it said that i...

Hi all, When provisionning a Samba 4 AD domain with --use-rfc2307 the option "idmap_ldb:use rfc2307 = yes" is added to our first DC's smb.conf. When joining a Samba4 to a domain to make it a DC we can't use --use-rfc2307 and "idmap_ldb:use rfc2307 = yes" is not automatically added to newly joined DC's smb.conf. Question 1: is this option useless on non-FSM...

On Tue, 11 Jun 2024 17:25:59 +0100 Luis Peromarta via samba <samba at lists.samba.org> wrote: > Me neither. AND only if you need to sync files from a DC to a member > server or viceversa, so uids and gids match. Otherwise I?d say no use. > > Why idmap_ldb:use rfc2307 = yes? by default then??when provisioning > with rfc2307 ? I have no idea, before my time. It was added in the infancy of Samba AD and it was probably thought it was required. > > We are giving instructions to new users how to set up AD idmapping > and it is so very comp...

...ou saying "--use-rfc2307 ? when provisioning is no longer needed ? And the rfc2307 attributes will still be there ? Again, we are telling people how they need this if they plan to use AD mapping, but now it seems they don?t ? Correct ? If we provision without "--use-rfc2307 ?, then no ?idmap_ldb:use rfc2307 = yes? lines in smb.conf in DCs, then no more worries about ?Domain Admins? having gidNumber, no need for ?Unix Admins? and complexity of the AD mapping is no longer there ? Is this correct ? LP On Jun 11, 2024 at 17:44 +0100, samba at lists.samba.org <samba at lists.samba.org>,...

Correct, and I have done so and explained extensively at the beginning to this thread. Question is: Should we stop telling people to provision with idmap_ldb:use rfc2307 = yes ? And if we do, Should we stop telling people not to give guiNuber to ?Domain Admins? if using AD ? Rowland, can you think how many (hundreds) of times have you had to explain the ?ID_TYPE_BOTH? thing ? Imagine putting an end to it. ;) LP On Jun 11, 2024 at 18:33 +0100, samba...