Hi,
On Wed, Mar 27, 2013 at 6:14 AM, Jim Potter <[email protected]> wrote:
Hi all,

I'm trying to get the unix extensions working in AD. I'm obviously missing
something, but I can't see what...

I've just created user Jim (using ADUC) and added a uidnumber (using
ADSIEdit). From this and what I have below, user Jim should have uidNumber
of 12345 (from AD) and not be prefixed with Domain name. This isn't
happening. Does anyone have any idea why not?

cheers,

Jim


Excerpt from getent passwd:
saned:x:110:117::/home/saned:/bin/false
FASTFOOD\Administrator:*:0:100::/home/FASTFOOD/Administrator:/bin/false
FASTFOOD\Guest:*:3000011:3000012::/home/FASTFOOD/Guest:/bin/false
FASTFOOD\krbtgt:*:3000016:100::/home/FASTFOOD/krbtgt:/bin/false
FASTFOOD\jim:*:3000019:100:Jim Chuffff:/home/FASTFOOD/jim:/bin/false


smb.conf:
[global]
         workgroup = FASTFOOD
         realm = FASTFOOD.LAN
         netbios name = CHIPSHOP
         server role = active directory domain controller

         dns forwarder = 62.24.199.13

         log level = 3

         algorithmic rid base = 10000

         idmap config * : range = 50001-60000
         idmap config * : backend = ad

         idmap config FASTFOOD : range = 10000-50000
         idmap config FASTFOOD : backend = ad

Hello Jim,
Try adding these lines. If this doesn't work, I think you're being
bitten by a known bug specific to this setup on an S4 DC. Andrew wrote
a patch back in Nov-Dec, but it may not have made it into the
codebase. Let me know if that doesn't work and I'll try to find that
thread. I'm pretty sure someone came up with a workaround.

idmap config FASTFOOD : schema_mode = rfc2307
idmap config FASTFOOD : default = yes

winbind enum users = yes
winbind enum groups = yes

         winbind nss info = rfc2307
         winbind use default domain = yes

[netlogon]
         path = /var/lib/samba/sysvol/fastfood.lan/scripts
         read only = No

[sysvol]
         path = /var/lib/samba/sysvol
         read only = No

My user from AD:
dn: CN=Jim Chuffff,CN=Users,DC=fastfood,DC=lan
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Jim Chuffff
sn: Chuffff
givenName: Jim
instanceType: 4
whenCreated: 20130317212551.0Z
displayName: Jim Chuffff
uSNCreated: 3873
name: Jim Chuffff
objectGUID:: hXvFCY0pTUeIgltTLbnOcQ==
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAbDu04eltc/ij6yQSUQQAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: jim
sAMAccountType: 805306368
userPrincipalName: [email protected]
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=fastfood,DC=lan
pwdLastSet: 130080291520000000
userAccountControl: 66048
uidNumber: 12345
whenChanged: 20130317212824.0Z
uSNChanged: 3877
distinguishedName: CN=Jim Chuffff,CN=Users,DC=fastfood,DC=lan
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

If you are running Samba 4 as an AD DC (that is, if you specify: server role = active directory domain controller), you will need to configure winbind inside the samba binary. The settings you have are obeyed by the winbind binary, which should be run e.g. on a member server, so you need to replace them with:
idmap_ldb:use rfc2307 = yes
That is the only setting (it defaults to no) which can affect winbind behavior on an AD DC.

Regards

Geza Gemes
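
The check described in the reply above, as an added example that is not code from the thread or from Samba: it reads the `[global]` section of an smb.conf, and when the server role is an AD DC it lists the `idmap config` and `winbind` parameters that, per that reply, only the standalone winbind binary obeys, and reports whether `idmap_ldb:use rfc2307` is enabled. The function names and the abridged sample text are assumptions made for the example.

```python
# Constructed sample: abridged [global] section from the question above.
SAMPLE_SMB_CONF = """\
[global]
         workgroup = FASTFOOD
         realm = FASTFOOD.LAN
         server role = active directory domain controller
         idmap config FASTFOOD : range = 10000-50000
         idmap config FASTFOOD : backend = ad
winbind nss info = rfc2307
         winbind use default domain = yes
"""

DC_ROLE = "active directory domain controller"
RFC2307_KEY = "idmap_ldb:use rfc2307"


def parse_global(text):
    """Return {normalised key: value} for the [global] section only."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()  # indentation is irregular in real files
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Lower-case and collapse whitespace so spacing variants compare equal.
            params[" ".join(key.lower().split())] = value.strip()
    return params


def audit(text):
    """Return (is_ad_dc, keys_ignored_on_dc, rfc2307_enabled)."""
    g = parse_global(text)
    is_dc = g.get("server role", "").lower() == DC_ROLE
    # Assumption taken from the reply: on an AD DC these are not honoured.
    ignored = sorted(k for k in g
                     if is_dc and k.startswith(("idmap config", "winbind ")))
    enabled = g.get(RFC2307_KEY, "no").lower() in ("yes", "true", "1", "on")
    return is_dc, ignored, enabled


if __name__ == "__main__":
    is_dc, ignored, enabled = audit(SAMPLE_SMB_CONF)
    print("AD DC:", is_dc)
    for key in ignored:
        print("no effect on an AD DC (per the reply):", key)
    print(RFC2307_KEY, "enabled:", enabled)
```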