Thanks Jonathan, but it didn't work for me. I updated my config to look like this: security = ADS realm = CORP.mycompany.COM allow trusted domains = yes winbind use default domain = yes winbind nested groups = YES winbind enum groups = yes winbind enum users = yes winbind nss info = rfc2307 winbind refresh tickets = yes idmap config CORP : backend = ad idmap config CORP : schema_mode = rfc2307 idmap config CORP : 1000 - 99999 #idmap config * : backend = tdb idmap config * : default = yes idmap config * : range = 100000 - 199999
And after restarting smbd and winbindd, my ID came back as 100000 instead of the expected 1001. Is there some other element missing from my "idmap config CORP" sections to somehow associate it with this specific AD server? Or does the "CORP" identifier suffice? thanks again! -Nick On Jul 16, 2012, at 1:57 AM, Jonathan Buzzard wrote: > On 14/07/12 17:50, Nick Triantos wrote: >> Hi, >> >> I'm still having trouble getting Samba 3.6.3 / Winbind to fetch UIDs from AD >> 2008 R2 with the Services for Unix feature installed. My users have >> uidNumber fields which contain the UIDs I want. I'm on Ubuntu 12.04 >> >> The global part of my smb.conf. I've tried changing 'winbind nss info' and >> 'schema_mode' to sfu as well. >> >> security = ADS >> realm = CORP.mycompany.COM >> allow trusted domains = yes >> winbind use default domain = yes >> winbind nested groups = YES >> winbind enum groups = yes >> winbind enum users = yes >> winbind nss info = rfc2307 >> winbind refresh tickets = yes >> idmap config CORP : backend = ad >> idmap config CORP : schema_mode = rfc2307 >> #idmap config * : backend = tdb >> idmap config * : default = yes >> idmap config * : range = 900 - 99999 >> > > There is no range here for the ad backend. From what I have determined > empirically is that you need to specify ranges for both that don't overlap. > That said this is now covered in the manual page, but it is vitally important > and it won't work properly without it. What I do is specify a small range > really high up well out of the way of anything being allocated in the AD for > the tdb backend. > > JAB. > > -- > Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk > Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
