Thanks for the replies on this. I'm on holiday at the mo, but will try it when I get home and get back to you.
cheers, Jim

On Mar 27, 2013 2:21 PM, "Gémes Géza" <[email protected]> wrote:
>
> Hi,
>
>> On Wed, Mar 27, 2013 at 6:14 AM, Jim Potter <[email protected]> wrote:
>>>
>>> Hi all,
>>>
>>> I'm trying to get the unix extensions working in AD. I'm obviously missing
>>> something, but I can't see what...
>>>
>>> I've just created user Jim (using ADUC) and added a uidnumber (using
>>> ADSIEdit). From this and what I have below, user Jim should have uidNumber
>>> of 12345 (from AD) and not be prefixed with Domain name. This isn't
>>> happening. Does anyone have any idea why not?
>>>
>>> cheers,
>>>
>>> Jim
>>>
>>>
>>> Excerpt from getent passwd:
>>> saned:x:110:117::/home/saned:/bin/false
>>> FASTFOOD\Administrator:*:0:100::/home/FASTFOOD/Administrator:/bin/false
>>> FASTFOOD\Guest:*:3000011:3000012::/home/FASTFOOD/Guest:/bin/false
>>> FASTFOOD\krbtgt:*:3000016:100::/home/FASTFOOD/krbtgt:/bin/false
>>> FASTFOOD\jim:*:3000019:100:Jim Chuffff:/home/FASTFOOD/jim:/bin/false
>>>
>>>
>>> smb.conf:
>>> [global]
>>> workgroup = FASTFOOD
>>> realm = FASTFOOD.LAN
>>> netbios name = CHIPSHOP
>>> server role = active directory domain controller
>>>
>>> dns forwarder = 62.24.199.13
>>>
>>> log level = 3
>>>
>>> algorithmic rid base = 10000
>>>
>>> idmap config * : range = 50001-60000
>>> idmap config * : backend = ad
>>>
>>> idmap config FASTFOOD : range = 10000-50000
>>> idmap config FASTFOOD : backend = ad
>>
>> Hello Jim,
>> Try adding these lines. If this doesn't work, I think you're being
>> bitten by a known bug specific to this setup on an S4 DC. Andrew wrote
>> a patch back in Nov-Dec, but it may not have made it into the
>> codebase. Let me know if that doesn't work and I'll try to find that
>> thread. I'm pretty sure someone came up with a workaround.
>>
>> idmap config FASTFOOD : schema_mode = rfc2307
>> idmap config FASTFOOD : default = yes
>>
>> winbind enum users = yes
>> winbind enum groups = yes
>>
>>> winbind nss info = rfc2307
>>> winbind use default domain = yes
>>>
>>> [netlogon]
>>> path = /var/lib/samba/sysvol/fastfood.lan/scripts
>>> read only = No
>>>
>>> [sysvol]
>>> path = /var/lib/samba/sysvol
>>> read only = No
>>>
>>> My user from AD:
>>> dn: CN=Jim Chuffff,CN=Users,DC=fastfood,DC=lan
>>> objectClass: top
>>> objectClass: person
>>> objectClass: organizationalPerson
>>> objectClass: user
>>> cn: Jim Chuffff
>>> sn: Chuffff
>>> givenName: Jim
>>> instanceType: 4
>>> whenCreated: 20130317212551.0Z
>>> displayName: Jim Chuffff
>>> uSNCreated: 3873
>>> name: Jim Chuffff
>>> objectGUID:: hXvFCY0pTUeIgltTLbnOcQ==
>>> badPwdCount: 0
>>> codePage: 0
>>> countryCode: 0
>>> badPasswordTime: 0
>>> lastLogoff: 0
>>> lastLogon: 0
>>> primaryGroupID: 513
>>> objectSid:: AQUAAAAAAAUVAAAAbDu04eltc/ij6yQSUQQAAA==
>>> accountExpires: 9223372036854775807
>>> logonCount: 0
>>> sAMAccountName: jim
>>> sAMAccountType: 805306368
>>> userPrincipalName: [email protected]
>>> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=fastfood,DC=lan
>>> pwdLastSet: 130080291520000000
>>> userAccountControl: 66048
>>> uidNumber: 12345
>>> whenChanged: 20130317212824.0Z
>>> uSNChanged: 3877
>>> distinguishedName: CN=Jim Chuffff,CN=Users,DC=fastfood,DC=lan
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>
> If you are running samba 4 as an AD DC (that is if you specify: server role = active directory domain controller)
> you will need to configure winbind inside the samba binary. The settings you have are obeyed by the winbind binary which should be run e.g. on a member server, so you need to replace them with:
> idmap_ldb:use rfc2307 = yes
> that is the only setting (it defaults to no) which can affect winbind behavior on an AD DC.
>
> Regards
>
> Geza Gemes
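
Added example, not part of the original thread and not Samba's own code: a small Python check that applies Geza's point to an smb.conf, reporting whether the file describes an AD DC, whether `idmap_ldb:use rfc2307` is switched on, and which member-server id-mapping settings are present but (per the reply) not obeyed there. The function names and the abridged sample config are assumptions made for illustration.

```python
import re

# Constructed sample: [global] abridged from the smb.conf quoted in the thread.
SAMPLE = """\
[global]
    workgroup = FASTFOOD
    server role = active directory domain controller
    idmap config * : range = 50001-60000
    idmap config * : backend = ad
    idmap config FASTFOOD : range = 10000-50000
    idmap config FASTFOOD : backend = ad
    winbind nss info = rfc2307
"""

def norm(name):
    # smb.conf names ignore case and whitespace, so compare them normalized.
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return {normalized name: (name as written, value)} for [global]."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)  # only the first '=' is significant
            params[norm(key)] = (key.strip(), value.strip())
    return params

def check_dc_idmap(text):
    """Hypothetical helper: report the DC id-mapping state the reply describes."""
    params = parse_global(text)
    role = params.get("serverrole", ("", ""))[1]
    is_dc = norm(role) == norm("active directory domain controller")
    flag = params.get(norm("idmap_ldb:use rfc2307"), ("", "no"))[1].lower()
    # Member-server (winbindd) settings that, per the reply, a DC does not obey.
    ignored = [written for key, (written, _) in params.items()
               if is_dc and key.startswith(("idmapconfig", "winbindnssinfo"))]
    return {"is_dc": is_dc,
            "rfc2307_enabled": is_dc and flag in ("yes", "true", "on", "1"),
            "ignored": ignored}

if __name__ == "__main__":
    print(check_dc_idmap(SAMPLE))
```

On the sample, the check reports a DC with RFC 2307 mapping off and five settings that have no effect, which matches the `getent passwd` output in the original question, where jim does not get the uidNumber stored in AD.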
