Hi,

I'm trying to set up a Samba domain controller trusting an NT4 domain,
and I want to use Idmap information already stored in an LDAP location.
smb.conf snippets are below. I'm not getting this to work. What I see when reading log.winbindd-idmap at log level 10 is that the search for Idmap entries seems to use the "ldap suffix" parameter instead of
idmap config <DOMAIN>:ldap_base_dn as the search base, i.e.
it starts at ou=Trusting,ou=MyAccounts,o=Universitaet Marburg,c=DE
while it should start at
ou=Idmap,ou=Trusted,ou=MyAccounts,o=Universitaet Marburg,c=DE

Any hints?

regards,
Wolfgang Ratzka

-------------------------------------------
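[global]

(...)
  workgroup = TRUSTING
  server string = %h

  security = user
  encrypt passwords = true
  obey pam restrictions = No
  passdb expand explicit = No
  domain logons = Yes
  preferred master = Yes
  os level = 65
  domain master = Yes

  enable privileges = Yes

  # Empty values override Samba's built-in defaults, so no home share or
  # roaming-profile path is handed to clients at logon.
  logon home =
  logon path =

  # Account database in LDAP. The connection is plain ldap:// upgraded with
  # StartTLS, so the "ldap admin dn" bind is not sent in clear text. Whether
  # the server certificate is actually verified is decided by the LDAP client
  # library settings (TLS_CACERT / TLS_REQCERT in ldap.conf), not by smb.conf.
  passdb backend = ldapsam:ldap://somewhere.uni-marburg.de/
  ldap ssl = start_tls
  # The password for this DN is not kept in smb.conf; it is stored in
  # secrets.tdb via "smbpasswd -w", so that file needs to stay root-only.
  ldap admin dn = uid=samba,ou=Access,o=Universitaet Marburg,c=DE
  # Base for all ldapsam searches; the group/user/machine suffixes below are
  # relative to it.
  ldap suffix = ou=Trusting,ou=MyAccounts,o=Universitaet Marburg,c=DE
  ldap group suffix = ou=Groups
  ldap user suffix = ou=People
  ldap machine suffix = ou=Computers

  # With passwd sync on, Samba also updates the LDAP password when the NT/LM
  # hashes change. The sambaNTPassword / sambaLMPassword attributes are
  # password-equivalent, so directory ACLs should keep them unreadable to
  # ordinary binds.
  ldap passwd sync = Yes
  # Delete operations remove the whole LDAP entry, not only the Samba
  # attributes.
  ldap delete dn = Yes


  # Idmap for trusted Domain TRUSTED should come from LDAP
  #
  # NOTE(review): smb.conf continues a value onto the next line only when the
  # line ends in "\"; indentation alone does not continue it. The posted
  # snippet had the ldap_base_dn and ldap_user_dn values on a following
  # indented line. If the real file is wrapped that way (and the wrap was not
  # added by the mail client), both parameters are read as empty and the DN
  # lines are parsed as unknown parameters named "ou" and "uid"; testparm
  # should report them. With an empty ldap_base_dn, idmap_ldap falls back to
  # "ldap idmap suffix", i.e. a base under "ldap suffix" - the behaviour seen
  # in the log. An unusable ldap_user_dn may likewise leave the lookup binding
  # with other credentials (ldapsam's admin DN, or anonymously) instead of the
  # low-privilege account intended here - TODO confirm in the winbindd log.
  # Each value is therefore kept on a single line.
  idmap domains = TRUSTED
  idmap config TRUSTED:backend = ldap
  # Read-only: winbindd only looks up existing mappings and never writes to
  # the directory, so the bind account needs no write access.
  idmap config TRUSTED:readonly = yes
  idmap config TRUSTED:ldap_base_dn = ou=Idmap,ou=Trusted,ou=MyAccounts,o=Universitaet Marburg,c=DE
  # The secret for this DN is stored separately with "net idmap secret"
  # (see net(8)); it does not belong in smb.conf.
  idmap config TRUSTED:ldap_user_dn = uid=sambaanon,ou=Access,o=Universitaet Marburg,c=DE
  idmap config TRUSTED:ldap_url = ldaps://somewhere.Uni-Marburg.DE/
  # uid/gid range reserved for mappings of this domain
  idmap config TRUSTED:range = 80000-90000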




--
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany