similar to: idmap ad question

Displaying 20 results from an estimated 10000 matches similar to: "idmap ad question"

2023 Feb 13
1
idmap ad question
On 12/02/2023 16:40, Vaughan, Robert J via samba wrote: > Hi all > > In the idmap_config_ad wiki, it states .. > > If you use the winbind 'ad' backend, you must add a gidNumber attribute to the Domain Users group in AD. > > Can someone explain this? > >>Yes >>Every user's primaryGroupID attribute is set to 513, the RID for Domain >>Users.
2023 Feb 13
1
idmap ad question
On 13/02/2023 16:50, Vaughan, Robert J via samba wrote: > On 12/02/2023 16:40, Vaughan, Robert J via samba wrote: >> Hi all >> >> In the idmap_config_ad wiki, it states .. >> >> If you use the winbind 'ad' backend, you must add a gidNumber attribute to the Domain Users group in AD. >> >> Can someone explain this? >> > >>> Yes
2023 Feb 12
1
idmap ad question
On 12/02/2023 16:40, Vaughan, Robert J via samba wrote: > Hi all > > In the idmap_config_ad wiki, it states .. > > If you use the winbind 'ad' backend, you must add a gidNumber attribute to the Domain Users group in AD. > > Can someone explain this? > Yes Every user's primaryGroupID attribute is set to 513, the RID for Domain Users. Unless Domain Users has a
2023 Feb 13
1
idmap ad question
> On 12/02/2023 16:40, Vaughan, Robert J via samba wrote: > Hi all > > In the idmap_config_ad wiki, it states .. > > If you use the winbind 'ad' backend, you must add a gidNumber attribute to the Domain Users group in AD. > > Can someone explain this? > >> Yes >> >> Every user's primaryGroupID attribute is set to 513, the RID for Domain
2023 Feb 13
1
idmap ad question
On 13/02/2023 19:42, Vaughan, Robert J via samba wrote: > Yeah the link is correctly setup, since it is not compiled Samba > > Ok, I found in this link .. > >
2016 Dec 10
2
winbind rfc2307 - wbinfo -i fails
On Sat, 10 Dec 2016 09:07:13 +0000 Kevin Davidson via samba <samba at lists.samba.org> wrote: > > And note this newly highlighted section of the wiki, which deals with > the UNIX admin’s potential desire to “fix” this problem that users' > primary group is “wrong”. > > https://wiki.samba.org/index.php/Idmap_config_ad#Prerequisites Care to expand on what is
2023 Feb 14
1
idmap ad question
On 14/02/2023 11:41, Vaughan, Robert J via samba wrote: > I am the UNIX admin and don't have a use for all domain users group since all domain users won't be UNIX (or SAMBA) users >>Your decision. > > What do you mean by "It isn't as if you can have a user group with the same name as the user"? We currently do have group names in UNIX (local and in LDAP)
2023 Feb 14
1
idmap ad question
On 13/02/2023 22:53, Vaughan, Robert J via samba wrote: > >>> Were you running 'getent passwd' rather than 'getent passwd AUSERNAME' ? > > Yes, I am used to getting that output with getent on my UNIX LDAP system. As long as I can get it from wbinfo I suppose that works too. Never understood why anyone requires all the users or groups on a regular basis, just
2023 Feb 13
1
idmap ad question
On 13/02/2023 19:42, Vaughan, Robert J via samba wrote: > Yeah the link is correctly setup, since it is not compiled Samba > > Ok, I found in this link .. > > https://wiki.samba.org/index.php/Troubleshooting_Samba_Domain_Members#getent_not_Finding_Domain_Users_and_Groups > > I had to change these lines to 'Yes' .. > > winbind enum groups = Yes >
2020 Feb 14
3
Setting uidNumber for machine accounts
> > I was aware that computer accounts were also users in AD, but I hadn't > considered assigning a uidNumber to them. It makes sense that winbind > (in idmap="ad" mode) would not "see" the accounts with a uidNumber. > Naturally, groups of which the computer accounts are members would > need gidNumber assigned as well. This is interesting. I also have a
2023 Feb 14
1
idmap ad question
On 13/02/2023 22:53, Vaughan, Robert J via samba wrote: > >>> Were you running 'getent passwd' rather than 'getent passwd AUSERNAME' ? > > Yes, I am used to getting that output with getent on my UNIX LDAP system. As long as I can get it from wbinfo I suppose that works too. >>Never understood why anyone requires all the users or groups on a
2016 Dec 09
2
winbind rfc2307 - wbinfo -i fails
On 08/12/2016 13:44, Oliver Heinz wrote: > So I gave Domain Users 99999 and voilà: > > root at m1:~# wbinfo -i SAMDOM\\demo01 > SAMDOM\demo01:*:10000:99999:demo01:/home/demo01:/bin/bash > > Seems samba always uses the primaryGroupID which for demo01 is set to > 'Domain Users'. I'm just wondering a bit then why there is a gidNumber > as a user attribute, as it is
2023 Feb 13
1
idmap ad question
> I should mention, I can ssh into the server using my AD creds and the one test share I setup also maps fine, so it all seems to be working, was just curious why 'getent passwd' does not show AD accounts >>Provided that the users you want to be visible to Unix have a uidNumber >>attribute containing a unique number inside the 225-999999 range and >>Domain Users has
2023 Feb 13
1
idmap ad question
On 13/02/2023 18:26, Vaughan, Robert J via samba wrote: > I should mention, I can ssh into the server using my AD creds and the one test share I setup also maps fine, so it all seems to be working, was just curious why 'getent passwd' does not show AD accounts Provided that the users you want to be visible to Unix have a uidNumber attribute containing a unique number inside the
2016 Dec 09
5
How to join join Ubuntu desktop to AD
> On 9 Dec 2016, at 14:26, lingpanda101 via samba <samba at lists.samba.org> wrote: > > Still no luck getting getent to retrieve user information. I have uid's and gid's setup for all users I am attempting to query. But did you give Domain Users a gid? If you don’t do that, winbind and getent will not find any UNIX users (doesn’t matter if the users have a uid and gid
2016 Nov 21
2
Use of gidNumber attribute in user entry
A few questions about Unix groups in Samba. (1) "samba-tool user add" has an option to set --gid-number. However, I can't see that this attribute is ever used. Can someone confirm if this is true? From digging around previous mailing list postings (*), I surmise the following: - the user's Unix primary gid is taken from their primary *Windows* group (primaryGroupID, which
2023 Feb 14
1
idmap ad question
On 14/02/2023 11:41, Vaughan, Robert J via samba wrote: > I am the UNIX admin and don't have a use for all domain users group since all domain users won't be UNIX (or SAMBA) users Your decision. > > What do you mean by "It isn't as if you can have a user group with the same name as the user"? We currently do have group names in UNIX (local and in LDAP) that are
2023 Feb 13
1
idmap ad question
On 13/02/2023 18:54, Vaughan, Robert J via samba wrote: > > nsswitch.conf has 'files winbind' for the passwd, shadow and group lines Remove it from the shadow line, it should not be there. > > What does it mean 'winbind links set up'? It refers to the links that connect winbind to nsswitch > > OS is Red Hat 7. Any idea in those packages if I might be
2019 Oct 16
13
Samba AD-DC idmap config
Following the guidance here, https://wiki.samba.org/index.php/Idmap_config_ad, I added idmap lines to my smb.conf file on my Samba 4.7 AD-DC server on Ubuntu 18.04. Samba no longer starts and testparm reports that the idmap ranges for the default * domain and the AD domain are overlapping. Here's my smb.conf file (FWIW, if I don't comment security = ADS, server role is set to Member