I have a new setup with ldap and posix attributes, but how to setup Samba
correct?
idmap config MYDOMAIN : backend= sss
idmap config MYDOMAIN : range = 3-2147483647
idmap config * : backend= tdb
idmap config * : range = 1100-2000
My user posix uid is 30020.
If your AD DC isn't storing POSIX attributes, you can't use these and
are stuck using the UIDs generated by sssd from the user's SID.
On 11/30/21 09:19, Harald 11 wrote:
I saw that my AD does not have Posix attributes, rather than my LDAP.
I guess, I have to switch to ldap mode?
I saw that my AD does not have Posix attributes, rather than my LDAP.
I guess, I have to switch to ldap mode?
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora
On Tue, Nov 30, 2021 at 12:43 PM Harald 11 wrote:
>
> I set up this:
>
> [sssd]
> config_file_version = 2
> domains = DOMAIN.NET
>
> [domain/DOMAIN.NET]
> id_provider = ad
> access_provider = ad
> sudo_provider = none
>
> fallback_homedir = /home/%u
> default_shell = /bin/bash
> skel_dir =
I set up this:
[sssd]
config_file_version = 2
domains = DOMAIN.NET
[domain/DOMAIN.NET]
id_provider = ad
access_provider = ad
sudo_provider = none
fallback_homedir = /home/%u
default_shell = /bin/bash
skel_dir = /etc/skel
debug_level = 9
cache_credentials = false
ad_enable_gc = false
I got
Answers to questions.
(Notice I said up front that Samba is not my forte. I answered the
question when it looked like no one else was going to. I'm glad that my
limited response spurred more full and accurate responses.)
> Might I ask what commercial grade NAS solutions you're using?
Just mentioning that as pointed out in the subscriber-walled RHEL
article, for Samba >= version 4.8, you must run windbind. And don't have
a choice. My current Samba + sssd servers use an older version of
Samba, and this works great. I need to continue to have Samba and I also
need to retain
On Thu, Nov 25, 2021 at 5:17 PM Spike White wrote:
> Harald,
>
> I was hoping someone smarter than me would respond; someone who knew the
> answer. But no one else did, so let me take a crack at it. I know the
> problems and I know the possible approaches to the solution, but I do not
> know
Harald,
I was hoping someone smarter than me would respond; someone who knew the
answer. But no one else did, so let me take a crack at it. I know the
problems and I know the possible approaches to the solution, but I do not
know the solution.
FYI – we avoid Samba (servers) like the plague at