On Mon, Jul 22, 2013 at 10:15:10PM +0100, Rowland Penny wrote: > OK, that seems like it should work, I had the winbind ad backend > working, but found it difficult to setup so jumped ship to sssd > The idmap setup I used was: > idmap config *:backend = tdb > idmap config *:range = 1100-2000 > idmap config DOMAIN:backend = ad > idmap config DOMAIN:schema_mode = rfc2307 > idmap config DOMAIN:range = 10000-3100000 > As you can see the number ranges are the opposite way round to what you > have i.e. config*:range is lower than DOMAIN:range > You could also try (as a test) changing backend = ad to backend = rid, > this will ignore the rfc2307 bit but will test the connect to the AD > server. > Rowland
Changing the above ranges made no difference. However, changing backend = rid gets me: root@srv2:~# getent passwd administrator administrator:*:10005:1013:Administrator:/home/Administrator:/bin/sh root@srv2:~# id user1 uid=10000(user1) gid=1013(domain users) groups=1013(domain users),70002(BUILTIN\users) root@srv2:~# id user2 uid=10001(user2) gid=1013(domain users) groups=1013(domain users),70002(BUILTIN\users) That seems to be working perfectly. What would I be losing without rfc2307 (please excuse the ignorance)? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba