From: Mike Leone on
I have a Samba 3.4.0 server (from Ubuntu 9.04), as a member server in my
Win2003 AD (which has MS Services for Unix 3.5 installed). All seems
well, in that it is properly joined to my AD, I've got it all configured
so that domain members can log into the Linux servers using their domain
credentials.

Here's my config:

# WINBIND
# idmap domains = DACRIB
idmap config DACRIB: default = true
idmap uid = 10000-20000
idmap gid = 10000-20000
idmap config DACRIB:schema_mode = rfc2307

2 questions:

1. I had to comment out "idmap domains = DACRIB", as it said it was an
unknown parameter. Isn't that the proper format to list the AD domain
for idmapping?

2. If I understand it correctly, is "idmap config DACRIB:RID=10000-20000"
equivalent to what I have above? Would that give me any capabilities
that my "default = true" does not give me? (I'd have to change "passdb
backend = tdbsam" to .. what?)


smb.conf follows:

[global]
workgroup = DACRIB
realm = DACRIB.LOCAL
server string = %h server (Samba %v, Domain: %D, Server: %L -%R)
security = ADS
map to guest = Bad User

client use spnego = true
client ntlmv2 auth = yes
# PAM AUTH
encrypt passwords = Yes
obey pam restrictions = Yes
pam password change = true
password server = dim-win2300.DaCrib.local
passdb backend = tdbsam
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes

log level = 1
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000

preferred master = No
domain master = No
local master = No
os level = 2
; browse list = Yes

dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d

# WINBIND
# idmap domains = DACRIB
idmap config DACRIB: default = true
idmap uid = 10000-20000
idmap gid = 10000-20000
idmap config DACRIB:schema_mode = rfc2307

winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = No
winbind nested groups = Yes
winbind refresh tickets = true
winbind nss info = rfc2307
winbind separator = +

template homedir = /home/%D/%u
template shell = /bin/bash
invalid users = root
create mask = 0700
directory mask = 0775
writable = Yes
enable privileges = Yes
restrict anonymous = 2

wide links = no

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
[OldHome]
comment = The Old Home Folder
read only = No
path = /OldHome

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
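Added example, written for this list archive and not code from the post or from the Samba project: a small Python checker for the kind of smb.conf problems the questions above touch on. It reports parameters set twice in one section (smbd keeps the last value, so the first "pam password change" line above is dead), flags "idmap domains" as a parameter the poster's Samba 3.4.0 rejects, and checks that the default "idmap uid"/"idmap gid" ranges and any per-domain range do not overlap, because overlapping id ranges let two different SIDs resolve to the same uid or gid and quietly merge their file access. It assumes the Samba 3.x "idmap config DOMAIN:range = low-high" syntax for per-domain ranges. The embedded sample is constructed from the [global] section of the post, with a hypothetical per-domain rid range added (reusing the default range, as question 2 considers) so the overlap check has something to find.

```python
import re

# Constructed sample: idmap/PAM lines from the post's [global], plus a
# hypothetical per-domain rid range that reuses the default 10000-20000 range.
SAMPLE_SMB_CONF = """\
[global]
workgroup = DACRIB
realm = DACRIB.LOCAL
security = ADS
passdb backend = tdbsam
pam password change = true
pam password change = Yes
# WINBIND
# idmap domains = DACRIB
idmap config DACRIB: default = true
idmap uid = 10000-20000
idmap gid = 10000-20000
idmap config DACRIB:schema_mode = rfc2307
# hypothetical addition, not in the post:
idmap config DACRIB:backend = rid
idmap config DACRIB:range = 10000-20000

[OldHome]
comment = The Old Home Folder
read only = No
path = /OldHome
"""

# Parameters the poster's Samba 3.4.0 reports as unknown.
REMOVED_PARAMS = {"idmap domains"}


def normalize_key(key):
    """Lower-case, collapse whitespace and strip spaces around ':' so that
    'idmap config DACRIB: default' and 'idmap config dacrib:default' match."""
    key = " ".join(key.lower().split())
    return re.sub(r"\s*:\s*", ":", key)


def parse_smb_conf(text):
    """Return (section, key, value) triples in file order, keeping duplicates."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank or comment (# or ;)
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            section = m.group(1).strip()
            continue
        if section is not None and "=" in line:
            key, value = line.split("=", 1)
            entries.append((section, normalize_key(key), value.strip()))
    return entries


def find_duplicates(entries):
    """Keys set more than once in the same section; smbd uses the last value."""
    seen = {}
    for section, key, value in entries:
        seen.setdefault((section, key), []).append(value)
    return {k: v for k, v in seen.items() if len(v) > 1}


def find_removed_params(entries):
    return [(s, k) for s, k, _ in entries if k in REMOVED_PARAMS]


def parse_range(value):
    """'low-high' -> (low, high); None if malformed or reversed."""
    m = re.fullmatch(r"\s*(\d+)\s*-\s*(\d+)\s*", value)
    if not m:
        return None
    low, high = int(m.group(1)), int(m.group(2))
    return (low, high) if low <= high else None


def collect_idmap_ranges(entries):
    """Default ranges ('idmap uid'/'idmap gid') and per-domain ranges
    ('idmap config DOM:range'), keyed by normalized parameter name."""
    ranges = {}
    for section, key, value in entries:
        if section.lower() != "global":
            continue
        per_domain = key.startswith("idmap config ") and key.endswith(":range")
        if key in ("idmap uid", "idmap gid") or per_domain:
            ranges[key] = parse_range(value)      # None marks a malformed range
    return ranges


def find_overlaps(ranges):
    """Pairs of ranges sharing at least one id. The default uid and gid ranges
    are separate namespaces and may coincide; every other pair must be disjoint."""
    labels = sorted(k for k, v in ranges.items() if v)
    overlaps = []
    for i, a in enumerate(labels):
        for b in labels[i + 1:]:
            if {a, b} == {"idmap uid", "idmap gid"}:
                continue
            (alo, ahi), (blo, bhi) = ranges[a], ranges[b]
            if alo <= bhi and blo <= ahi:
                overlaps.append((a, b))
    return overlaps


def lint(text):
    entries = parse_smb_conf(text)
    ranges = collect_idmap_ranges(entries)
    return {
        "duplicates": find_duplicates(entries),
        "removed": find_removed_params(entries),
        "bad_ranges": [k for k, v in ranges.items() if v is None],
        "overlaps": find_overlaps(ranges),
    }


if __name__ == "__main__":
    for kind, findings in lint(SAMPLE_SMB_CONF).items():
        print(f"{kind}: {findings}")
```

Run it against a real /etc/samba/smb.conf by reading the file into lint(); on the sample it reports the duplicated "pam password change" and the per-domain range colliding with both default ranges, while the commented-out "idmap domains" line is correctly ignored.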