2011/3/10 Javier Conti <[email protected]>:
> On 9 March 2011 20:13, Mike Auleta <[email protected]> wrote:
>> We're looking at setting up Linux Authentication to our AD servers using
>> winbind and need to know if there is a way to keep all the user IDs in
>> sync across the Linux servers. The way I see it now, the user ID is
>> assigned numerically depending on the order users log in to a server.
>> Could make for issues if NFS mounted directories are involved.
>
> Hi, I'm using AD 2008 R2 as PDC, and have been successful using the
> following configuration in /etc/samba/smb.conf on the client:
>
> [global] (snip)
> idmap backend = ad
> idmap config MYDOMAIN : backend = ad
> idmap config MYDOMAIN : range = 10000 - 20000
> idmap config MYDOMAIN : schema_mode = rfc2307
> winbind nss info = rfc2307
>
> Since this configuration uses the Posix attributes found in the
> rfc2307 schema, I have the uidNumber attribute of users and the
> gidNumber attribute of groups populated with the IDs used in Unix (and
> in the range between 10000 and 20000).

"idmap backend" should be a "writeable" backend such as tdb or ldap.

Anyway, to synchronize UID, you can also use "rid" or "ldap" instead of
"ad". If you simply want to sync UIDs, "rid" is a better choice, I think.

For example:

  idmap config DOMAIN:range = 1000000 - 1999999
  idmap config DOMAIN:base_rid = 0
  idmap config DOMAIN:backend = rid

Please refer to the manpages for details.

---
TAKAHASHI Motonobu <[email protected]>
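
An added example, not part of the original thread: idmap_rid(8) documents the mapping as ID = RID - BASE_RID + LOW_RANGE_ID, so every server configured with the same range and base_rid derives the same UID from a user's SID, regardless of login order. The range and base_rid are taken from the message above; the domain SID and RIDs are constructed sample values, and the function names are hypothetical.

```python
"""Deterministic SID -> Unix ID mapping as documented in idmap_rid(8)."""

# Range and base_rid from the example configuration in the message above.
LOW_ID = 1000000
HIGH_ID = 1999999
BASE_RID = 0
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed sample


def split_sid(sid):
    """Split 'S-1-5-21-a-b-c-RID' into (domain_sid, rid)."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError(f"not a SID: {sid!r}")
    return "-".join(parts[:-1]), int(parts[-1])


def rid_to_unix_id(rid, low=LOW_ID, high=HIGH_ID, base_rid=BASE_RID):
    """ID = RID - BASE_RID + LOW_RANGE_ID; None when outside the range."""
    if rid < base_rid:
        return None
    unix_id = rid - base_rid + low
    return unix_id if unix_id <= high else None


def unix_id_to_rid(unix_id, low=LOW_ID, high=HIGH_ID, base_rid=BASE_RID):
    """Reverse mapping: RID = ID + BASE_RID - LOW_RANGE_ID."""
    if not low <= unix_id <= high:
        return None
    return unix_id + base_rid - low


def map_sid(sid, domain_sid=DOMAIN_SID, **cfg):
    """Map a SID only if it belongs to the configured domain."""
    dom, rid = split_sid(sid)
    if dom != domain_sid:
        return None  # a different domain needs its own non-overlapping range
    return rid_to_unix_id(rid, **cfg)


if __name__ == "__main__":
    for rid in (500, 1105, 1000000):  # constructed RIDs
        print(rid, "->", map_sid(f"{DOMAIN_SID}-{rid}"))
```

Because the result depends only on the SID and the configured range and base_rid, no shared allocation database is needed to keep ownership consistent on NFS-mounted directories.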
