Displaying 20 results from an estimated 10000 matches similar to: "idmap ad question"
2023 Feb 13
1
idmap ad question
On 12/02/2023 16:40, Vaughan, Robert J via samba wrote:
> Hi all
>
> In the idmap_config_ad wiki, it states ..
>
> If you use the winbind 'ad' backend, you must add a gidNumber attribute to the Domain Users group in AD.
>
> Can someone explain this?
>
>>Yes
>>Every users primaryGroupID attribute is set to 513, the RID for Domain
>>Users.
2023 Feb 13
1
idmap ad question
On 13/02/2023 16:50, Vaughan, Robert J via samba wrote:
> On 12/02/2023 16:40, Vaughan, Robert J via samba wrote:
>> Hi all
>>
>> In the idmap_config_ad wiki, it states ..
>>
>> If you use the winbind 'ad' backend, you must add a gidNumber attribute to the Domain Users group in AD.
>>
>> Can someone explain this?
>>
>
>>> Yes
2023 Feb 12
1
idmap ad question
On 12/02/2023 16:40, Vaughan, Robert J via samba wrote:
> Hi all
>
> In the idmap_config_ad wiki, it states ..
>
> If you use the winbind 'ad' backend, you must add a gidNumber attribute to the Domain Users group in AD.
>
> Can someone explain this?
>
Yes
Every users primaryGroupID attribute is set to 513, the RID for Domain
Users. Unless Domain Users has a
2023 Feb 13
1
idmap ad question
> On 12/02/2023 16:40, Vaughan, Robert J via samba wrote:
> Hi all
>
> In the idmap_config_ad wiki, it states ..
>
> If you use the winbind 'ad' backend, you must add a gidNumber attribute to the Domain Users group in AD.
>
> Can someone explain this?
>
>> Yes
>>
>> Every users primaryGroupID attribute is set to 513, the RID for Domain
2023 Feb 13
1
idmap ad question
> On 12/02/2023 16:40, Vaughan, Robert J via samba wrote:
> Hi all
>
> In the idmap_config_ad wiki, it states ..
>
> If you use the winbind 'ad' backend, you must add a gidNumber attribute to the Domain Users group in AD.
>
> Can someone explain this?
>
>> Yes
>>
>> Every users primaryGroupID attribute is set to 513, the RID for Domain
2023 Feb 13
1
idmap ad question
On 13/02/2023 19:42, Vaughan, Robert J via samba wrote:
> Yeah the link is correctly setup, since it is not compiled Samba
>
> Ok, I found in this link ..
>
>
2016 Dec 10
2
winbind rfc2307 - wbinfo -i fails
On Sat, 10 Dec 2016 09:07:13 +0000
Kevin Davidson via samba <samba at lists.samba.org> wrote:
>
> And note this newly highlighted section of the wiki, which deals with
> the UNIX admin’s potential desire to “fix” this problem that users'
> primary group is “wrong”.
>
> https://wiki.samba.org/index.php/Idmap_config_ad#Prerequisites
Care to expand on what is
2023 Feb 14
1
idmap ad question
On 14/02/2023 11:41, Vaughan, Robert J via samba wrote:
> I am the UNIX admin and don't have a use for all domain users group since all domain users won't be UNIX (or SAMBA) users
>>Your decision.
>
> What do you mean by "It isn't as if you can have a user group with the same name as the user"? We currently do have group names in UNIX (local and in LDAP)
2024 Nov 22
1
Accessing Samba domain member shares from trusted domain
Hi Ralph
When you said I can't use idmap_ad in my trusting domain because 'we're not allowed to talk to a DC in the trusted domain', does that still apply even if we can provide a read-only DC from the trusted domain inside the trusting domain network?
Thanks,
Rob
-----Original Message-----
From: Ralph Boehme <slow at samba.org>
Sent: Tuesday, November 12, 2024 12:59
2023 Feb 14
1
idmap ad question
On 13/02/2023 22:53, Vaughan, Robert J via samba wrote:
>
>>> Were you running 'getent passwd' rather than 'getent passwd AUSERNAME' ?
>
> Yes, I am used to getting that output with getent on my UNIX LDAP system. As long as I can get it from wbinfo I suppose that works too.
Never understood why anyone requires all the users or groups on a
regular basis, just
2023 Feb 13
1
idmap ad question
On 13/02/2023 19:42, Vaughan, Robert J via samba wrote:
> Yeah the link is correctly setup, since it is not compiled Samba
>
> Ok, I found in this link ..
>
> https://wiki.samba.org/index.php/Troubleshooting_Samba_Domain_Members#getent_not_Finding_Domain_Users_and_Groups
>
> I had to change these lines to 'Yes' ..
>
> winbind enum groups = Yes
>
2020 Feb 14
3
Setting uidNumber for machine accounts
>
> I was aware that computer accounts were also users in AD, but I hadn't
> considered assigning a uidNumber to them. It makes sense that winbind
> (in idmap="ad" mode) would not "see" the accounts with a uidNumber.
> Naturally, groups of which the computer accounts are members would
> need gidNumber assigned as well.
This is interesting. I also have a
2024 Nov 12
2
Accessing Samba domain member shares from trusted domain
On 11/12/24 6:49 PM, Vaughan, Robert J via samba wrote:
> Ok well I have that setting you mention
>
> I just can't map my trusted AD account in the trusting domain on my
> Linux Samba domain member
>
> I can't see any users in the trusted domain actually
>
> wbinfo -u --domain=TRUSTED
>
> returns nothing at all
this is as expected. We're not allowed
2023 Feb 14
1
idmap ad question
On 13/02/2023 22:53, Vaughan, Robert J via samba wrote:
>
>>> Were you running 'getent passwd' rather than 'getent passwd AUSERNAME' ?
>
> Yes, I am used to getting that output with getent on my UNIX LDAP system. As long as I can get it from wbinfo I suppose that works too.
>>Never understood why anyone requires all the users or groups on a
2016 Dec 09
2
winbind rfc2307 - wbinfo -i fails
On 08/12/2016 13:44, Oliver Heinz wrote:
> So I gave Domain Users 99999 and voilà:
>
> root at m1:~# wbinfo -i SAMDOM\\demo01
> SAMDOM\demo01:*:10000:99999:demo01:/home/demo01:/bin/bash
>
> Seems samba always uses the primaryGroupID which for demo01 is set to
> 'Domain Users'. Im just wondering a bit then why there is a gidNumber
> as an user attribute, as it is
2023 Feb 13
1
idmap ad question
> I should mention, I can ssh into the server using my AD creds and the one test share I setup also maps fine, so it all seems to be working, was just curious why 'getent passwd' does not show AD accounts
>>Provided that the users you want to be visible to Unix have a uidNumber
>>attribute containing a unique number inside the 225-999999 range and
>>Domain Users has
2023 Feb 13
1
idmap ad question
On 13/02/2023 18:26, Vaughan, Robert J via samba wrote:
> I should mention, I can ssh into the server using my AD creds and the one test share I setup also maps fine, so it all seems to be working, was just curious why 'getent passwd' does not show AD accounts
Provided that the users you want to be visible to Unix have a uidNumber
attribute containing a unique number inside the
2016 Dec 09
5
How to join join Ubuntu desktop to AD
> On 9 Dec 2016, at 14:26, lingpanda101 via samba <samba at lists.samba.org> wrote:
>
> Still no luck getting getent to retrieve user information. I have uid's and gid's setup for all users I am attempting to query.
But did you give Domain Users a gid? If you don’t do that, winbind and getent will not find any UNIX users (doesn’t matter if the users have a uid and gid
2016 Nov 21
2
Use of gidNumber attribute in user entry
A few questions about Unix groups in Samba.
(1) "samba-tool user add" has an option to set --gid-number. However, I
can't see that this attribute is ever used. Can someone confirm if this
is true?
From digging around previous mailing list postings (*), I surmise the
following:
- the user's Unix primary gid is taken from their primary *Windows*
group (primaryGroupID, which
2023 Feb 14
1
idmap ad question
On 14/02/2023 11:41, Vaughan, Robert J via samba wrote:
> I am the UNIX admin and don't have a use for all domain users group since all domain users won't be UNIX (or SAMBA) users
Your decision.
>
> What do you mean by "It isn't as if you can have a user group with the same name as the user"? We currently do have group names in UNIX (local and in LDAP) that are