On Tue, 2012-05-29 at 15:41 -0700, Randy Rue wrote:
>
> Can anyone tell me what's wrong with the below file? Or at least provide a
> working example? Is there a complete howto anywhere for SMB3.5 and AD2008R2?
>

Yes, for starters where is the default writable backend that is required
as specified in "man idmap_ad"? You need some lines like the following

  idmap backend = tdb
  idmap uid = 1000000-1999999
  idmap gid = 1000000-1999999

Where those numbers don't overlap with the numbers for your FHCRC domain.

> Hope to hear from you,
>
> rrue
> seattle
>
> /etc/samba/smb.conf:
> [global]
> workgroup = FOO
> password server = dcx.foo.org dcy.foo.org dcz.foo.org
> realm = FOO.ORG
> security = ads
> winbind use default domain = true
> winbind offline logon = false
> log file = /var/log/samba/%m.log
> max log size = 100
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> dns proxy = no
> idmap config FHCRC : default = yes
> idmap config FHCRC : backend = ad
> idmap config FHCRC : schema_mode = rfc2307
> idmap config FHCRC : range = 5000 - 70000
> allow trusted domains = No
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind nested groups = Yes

I also don't see a "winbind nss info = rfc2307" line either so it is not
clear how the UID's and GID's from the AD scheme are getting through to
Linux. Note for reasons I don't follow the primary GID of the user is
calculated from the "primaryGroupID" attribute.

JAB.

-- 
Jonathan A. Buzzard                 Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.
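
The three points raised in the reply above (a default idmap backend with its own uid/gid ranges, no overlap between those ranges and the domain range, and a "winbind nss info" line when the ad backend is used) can be checked mechanically. This Python script is an added example, not part of the original thread or of Samba; the function names are hypothetical, the sample configs are constructed from the lines in the thread, and the parser assumes plain "name = value" lines in [global] with no includes or continuations.

```python
import re

# Constructed samples: idmap lines from the posted file, then with the reply's lines added.
ORIGINAL = """[global]
idmap config FHCRC : backend = ad
idmap config FHCRC : schema_mode = rfc2307
idmap config FHCRC : range = 5000 - 70000
"""
FIXED = ORIGINAL + """idmap backend = tdb
idmap uid = 1000000-1999999
idmap gid = 1000000-1999999
winbind nss info = rfc2307
"""

def parse_global(text):
    """Return [global] parameters; names lower-cased with whitespace collapsed."""
    params, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def parse_range(value):
    return tuple(int(part) for part in value.split("-"))

def check_idmap(text):
    """Return findings for the three points raised in the reply (hypothetical helper)."""
    p = parse_global(text)
    findings = [] if "idmap backend" in p else ["no default idmap backend"]
    findings += [f"no default range: {k}" for k in ("idmap uid", "idmap gid") if k not in p]
    defaults = {k: parse_range(p[k]) for k in ("idmap uid", "idmap gid") if k in p}
    for key, value in p.items():
        m = re.fullmatch(r"idmap config (\S+?) ?: ?(\w+)", key)
        if not m:
            continue
        domain, option = m.group(1).upper(), m.group(2)
        if option == "backend" and value.lower() == "ad" and "winbind nss info" not in p:
            findings.append(f"{domain}: backend = ad without winbind nss info")
        if option == "range":
            low, high = parse_range(value)
            findings += [f"{domain}: range overlaps {k}" for k, (dlow, dhigh)
                         in defaults.items() if low <= dhigh and dlow <= high]
    return findings

if __name__ == "__main__":
    print(check_idmap(ORIGINAL), check_idmap(FIXED))
```

An overlap finding matters because two different accounts resolving to the same numeric UID or GID share file ownership and access on the Linux side.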
