Hello, Could you please give me some precision about the current state of the winbind support on a member server. I have tried to list what I understand about it. (I suppose that the libnss_winbind symlink are correct in /lib and/or lib64)
* samba4 join as member join: samba-tool domain join <dnsdomain> MEMBER smb.conf should contain: idmap_ldb:use rfc2307 = yes the AD DC doesn't need to be provisioned with the option "--use-rfc2307" then the member should be able to read uidNumber gidNumber from the directory. * smbd + winbindd samba4: compile with --with-shared-modules=...,idmap_ad samba3 compile with --with-shared-modules=...,idmap_ad,--with-ads join: net ads join smb.conf should contain (from the wiki): idmap config *:backend = tdb idmap config *:range = 70001-80000 idmap config SHORTDOMAINNAME:backend = ad idmap config SHORTDOMAINNAME:schema_mode = rfc2307 idmap config SHORTDOMAINNAME:range = 500-40000 But the AD have to be provisioned with "--use-rfc2307" You then should add the objectclass: posixAccount in the AD samdb for each user and posixGroup for the group Is it mandatory to have provioned the AD with "--use-rfc2307" ? mac OSX client seems to be OK without, they can read uid/gid Number, but not linux client using smbd/winbindd. If yes what is the best way to add rfc2307 support to an already provisioned AD ? Applying ypServ30.ldif will it be good enough ? Thanks Ali -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
