Thomas Fili wrote:
I want to authenticate our users for the cifs-fileserver from a 2003 R2 Server 
with idmap and directory-based mappings.
Works fine, except for one special point. We are not the root of the forest; we 
are a subdomain in the forest, and usernames (unixname) are not unique in the 
whole forest.
And also some uidNumbers are not unique ...

So "idmap show" finds the entries from the parent domain first.
I tried to set "smbd/pdc" and "config/default_domain" and I also tried 
"smbd/ads_site".

Samba knows the option "allow trusted domains = no" for this case.
Is there any possibility of excluding the parent domain .... in our case there is 
no need to look up users from the parent domain ...

The assumption underlying directory-based name mapping is that the UNIX names are unique across the local forest. There's no way to tell idmap to use directory-based name mapping only in the local domain.

Starting in build 124 we support directory-based mapping using the uidNumber stored by Microsoft's IDMU, and that *is* restricted to the local domain. I don't know if that's helpful for you.

I've filed RFE 6886560 "Allow limiting directory-based name mapping to the local domain".
_______________________________________________
cifs-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
