similar to: Samba domain members and idmap_ad

On Tue, 20 Sep 2016 09:00:23 -0400 Gaiseric Vandal via samba <samba at lists.samba.org> wrote: > Hi > > Thanks for the feedback. > > > > I currently have 3 production domains. > - MYDOMAIN.COM is a production Windows 2008 domain used to support > MS Exchange (but not file sharing.) > - TECH - Samba3 "classic" domain with unix domain

Hi Thanks for the feedback. I currently have 3 production domains. - MYDOMAIN.COM is a production Windows 2008 domain used to support MS Exchange (but not file sharing.) - TECH - Samba3 "classic" domain with unix domain controllers that supports most users for authentication and file sharing. The DC machines are both Samba domains (for Windows clients) and KRB/LDAP

I saw a message on this mailing list about compiling the idmap_ad.c, back in October of last year... and I'm having the same problem... When I try to compile it, the message I get is: gcc -I/usr/include/linux -I/root/samba/samba-3.0.4/source/ubiqx -I/root/samba/samba-3.0.4/source/popt -I/root/samba/samba-3.0.4/source/smbwrapper -I/root/samba/samba-3.0.4/source

How can I confirm that idmap_ad is being called? I've configured Samba with --with-shared-modules=idmap_ad, built and installed it; the file ad.so is now present in /usr/local/samba/lib/ idmap/ as expected. I then added the following to smb.conf: idmap backend = tdb idmap uid = 65536 - 999999 idmap gid = 65536 - 999999 idmap config SU : backend = ad idmap config SU :

I'm unabe to use idmap_ad and sfu nss info with Samba on AIX. The configuration as it is works on a Linux build. workgroup = DOMAIN realm = DOMAIN.TLD server string = SERVER security = ADS idmap domains = DOMAIN idmap config DOMAIN:default = yes idmap config DOMAIN:backend = ad idmap config DOMAIN:range = 1000 - 60000

My long sojourn to get some configuration set up that will then allow me to set a uid of an ad user to whatever unix uid I want (nfs reasons), is still going. I set my backend to ad and added the winbind nss info = sfu. Nothing happened initially in the log.winbindd-idmap, but after lunch I saw some new things in there: 83390]: sid to uid S-1-5-21-54348060-1989963526-242692186-2762 [2006/08/25

Has anyone else gotten samba functioning with idmap_ad and multiple domains? In our environment we have a domain with two child domains. There is one child domain for students, and another for faculty staff. Our servers are joined to the student domain, but need to be able to enumerate users in the staff domain. When attempting to lookup a user (wbinfo -i 'NAU\car3') that only exists

Greetings samba community, I am running samba version: Version 3.5.11-79. fc14. Trying to join linux servers to the windows 2003 domain by running winbind and smb. I have configured the following smb.conf file which worked but can't seem to understand why the uid is different from the windows side when the windows side has already mapped some kind of uid to the sid. If i were to log

I have investigated further and compared the behaviour of samba 3.3 and samba 3.5 on 2 identical SLES9 VM's. Samba 3.3 is working as expected with our Win2k3 SFU Domain and idmap_ad module. Samba 3.5 is not. I noticed that there are a few kerberos params that have changed in 3.5 but I just can't get 3.5 to work as expected: sles9test3:~ # testparm Load smb config files from

On 26/01/16 18:48, Joe Maloney wrote: > Hello all, > Samba Version 4.1.21 on 8 servers as member servers configured with > idmap_ad. I have all the RFC2307 attributes configured for every user, and > group. I wrote a script to ensure that. I have scripts in place to make > sure I don't have duplicates, show users without attributes, etc. I also > filter out the users I

I have two boxes on which I am trying to get idmap_ad (from xad_oss_plugins) to provide uid/gid mapping, and am getting the error: "Could not convert sid <sid of some_user> to uid" The story so far goes like this: Without the line "idmap backend = ad:ldap://<PDC's FQDN>/" in smb.conf, I can successfully do all of: #> wbinfo -S $(wbinfo -n some_user | awk

Is then new idmap_ad module capable of getting uid/gid info from a Windows 2003 AD pre-R2 with RFC2307 Unix Identity Mapping Extensions applied? Also, is the correct syntax for specifying the schema_mode as follows: idmap config dom.example.com:schema_mode = rfc2307 (I am not confident that I am reading the idmap_ad manpage and the new idmap document correctly.) Thanks for the help, Murthy

I must admit I assumed that it was completely hung which is why I looked at your command line to see if there was a typo etc... but here's the output you asked for:- root at hostname:~# time samba-tool group listmembers testgroup -H ldap://adserver -d0 FUNC-UNIX real 11m33.761s <------ LONG TIME! user 0m0.327s sys 0m0.021s I guess they have some nested groups set up... it does appear

Hello all, Samba Version 4.1.21 on 8 servers as member servers configured with idmap_ad. I have all the RFC2307 attributes configured for every user, and group. I wrote a script to ensure that. I have scripts in place to make sure I don't have duplicates, show users without attributes, etc. I also filter out the users I don't want to see by placing them outside of the range set aside

The DC's are running Windows Server 2012R2. The directory itself has RFC2307 attributes. The file servers are running FreeBSD with Samba 4.1. These are just member servers not joined as domain controllers. I have tried to upgrade to samba 4.2, and samba 4.3 as a test with no difference. Here is a peak at the smb4.conf via pastebin. http://pastebin.com/Ai14LREW Joe Maloney On Tue, Jan 26,

>It's probably worth noting that for users who are >adding idmap_ad over an existing winbind setup, the >old mapping has to be deleted as above. Thanks, I'll put this in the README for the next version. regards, -- Luke --

Some empirical testing shows that if I am using the idmap_ad module the template homedir parameter in smb.conf is ignored. I would just like to determine if this is the correct behaviour or if I am doing something wrong. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom.

Hi 4.1.11 no longer includes the idmap_ad module in a default ./configure. This has caught out at least two list users recently. We think it is important enough to reinstate as default. Anyone with us? Especially those whose task it will be to have to tell users via the list of the change. . . Cheers, Steve

It would be a handy feature to have idmap_ad implement an alloc routine to write back the uid and gid mappings to AD either as SFU attributes or RFC 2307 attributes. I figure this could allow dynamic uid and gid allocation that can be easily preserved across multiple domains in a Windows environment. Has there been any attempt to provide this feature? Ross S. W. Walker Information Systems

I note from the man pages, that idmap_ad will only map users/groups IF you set the UIDnumber in the active directory. In lookin in my active directory, there is a "Unix Attributes" tab with "UID" in that tab that you can set. There is also and "Attributes Editor" tap where you can look at all attributes and edit the "UIDnumber" I just want to verify that