[Samba] RFC2307, AD, and Samba 3.6

Sun, 12 Aug 2012 06:09:44 -0700 

Hi all,

I'm still struggling with getting samba 3.6 to use the uids and gids from my 
Active Directory 2008 R2 setup. I can see the users, I just can't get their 
UIDs mapped onto my linux machine.

I've configured AD to use it's "services for unix" feature, and through that, I 
got a "Unix Attributes" tab where I could enter fields like uid, home dir, 
shell, and primary GID.

My few questions:

1. Am I supposed to configure Samba to use rfc2307, or sfu?
2. As you can see in my config, below, I've configured an idmap range for the 
AD domain. It seems to be ignored, and instead, my users get placed in the 
wildcard domain's idmap range.
3. I found some advice (don't remember where) to try to delete these files when 
I change this part of my config:
        /var/run/samba/gencache*
        /var/cache/samba/winbindd_cache.tdb
        /var/lib/samba/winbindd_idmap.tdb
    Any thoughts about the need/value to delete these temp files is appreciated.
4. Finally, does anyone have suggestions of other things I can try?

thanks very much.

best,
-Nick

[global]   (from my smb.conf)
   workgroup = CORP
   server string = %h server (Samba, Ubuntu)

   security = ADS
   realm = CORP.xxx.COM
   allow trusted domains = yes
   winbind use default domain = yes
   winbind nested groups = YES
   winbind nested groups = YES
   winbind enum groups = yes
   winbind enum users = yes
   winbind nss info = rfc2307
   winbind refresh tickets = yes
   idmap config CORP : backend = ad
   idmap config CORP : schema_mode = rfc2307
   #idmap config CORP : range = 1000 - 99999
   idmap config * : default = yes
   #idmap config * : backend = tdb
   #idmap config * : range = 100000 - 199999
   idmap config * : range = 900 - 1999

   encrypt passwords = true

   obey pam restrictions = yes
   client use spnego = yes
   client ntlmv2 auth = yes
   encrypt passwords = true
   restrict anonymous = 2

When I perform an ldapsearch against my server, I see these attributes, among 
others:

msSFU30Name: nick
msSFU30NisDomain: corp
uidNumber: 1001
gidNumber: 1000
unixHomeDirectory: /home/nick
loginShell: /bin/bash

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Reply via email to