
BLU Discuss list archive



Linux, Windows AD domain, and IDs



On Mon, Dec 6, 2010 at 9:39 AM, Norbert Schuehler
<nschuehler-F76l3niPtDrUp2yKEfVny0EOCMrvLtNR at public.gmane.org> wrote:
> Hi Scott,
>
> here is my smb.conf. With this I get the same UID on the local boxes for all my AD accounts.
>
> ns
>
> ---------
> # Use the ADs RIDs to create unique Unix uids which are the same on all file servers
>        idmap backend = idmap_rid:<Your Kerberos Realm>=20000-1000000
>        idmap uid = 20000-1000000
>        idmap gid = 20000-1000000
>        winbind use default domain = yes
>        winbind enum users = no
>        winbind enum groups = no
>        winbind nested groups = yes
> ---------

I spent about an hour or two playing with various configurations and
options of idmap and winbind.   Along the way, some testing revealed:

getent passwd my_ad_account returned almost all appropriate values,
but the uid and gid were both 10000, clearly not correct.

wbinfo -n my_ad_account returned my correct sid (I think that was the
wbinfo syntax used).  In any event, whatever syntax I used for me
returned the correct sid.

So we know the system can see me - I just need the uid to be accurate.

As an update, I need the uid to return the numeric portion of my
ad_account username, so if I am se123456, I need the uid to return
123456, thus getent passwd would show se123456:x:123456:blah....

Thanks.

Scott
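
An added example, not part of either message: the idmap_rid backend quoted above derives the uid from the account's RID (the last component of the SID that wbinfo -n prints) using ID = RID - BASE_RID + LOW_RANGE_ID, so the result is the same on every server but is unrelated to any digits in the username. The script below applies that formula and compares it with the uid taken from the numeric part of the account name; the SIDs are constructed sample values, base_rid is assumed to be its default of 0, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: constructed SIDs, hypothetical helper names.

# idmap_rid mapping: uid = RID - BASE_RID + LOW_RANGE_ID (base_rid defaults to 0).
# Prints the uid; fails on a malformed SID or a result outside the range.
rid_to_uid() {
    sid=$1; low=$2; high=$3; base_rid=${4:-0}
    case $sid in
        S-1-5-21-*-*-*-*) ;;
        *) echo "not a domain account SID: $sid" >&2; return 2 ;;
    esac
    rid=${sid##*-}                      # last SID component is the RID
    case $rid in
        ''|*[!0-9]*) echo "bad RID in $sid" >&2; return 2 ;;
    esac
    uid=$((rid - base_rid + low))
    if [ "$uid" -lt "$low" ] || [ "$uid" -gt "$high" ]; then
        echo "RID $rid maps outside $low-$high" >&2; return 3
    fi
    echo "$uid"
}

# Numeric portion of an account name, e.g. se123456 -> 123456.
name_to_uid() {
    digits=$(printf '%s' "$1" | sed 's/^[^0-9]*//')
    case $digits in
        ''|*[!0-9]*) echo "no trailing number in $1" >&2; return 2 ;;
    esac
    echo "$digits"
}

# Compare what idmap_rid would assign with the uid wanted from the name.
check_account() {
    name=$1; sid=$2; low=$3; high=$4
    got=$(rid_to_uid "$sid" "$low" "$high") || return $?
    want=$(name_to_uid "$name") || return $?
    if [ "$got" = "$want" ]; then
        echo "match $got"
    else
        echo "mismatch rid=$got name=$want"
    fi
}

# Constructed sample: RID 1234 with the 20000-1000000 range from the smb.conf above.
check_account se123456 S-1-5-21-1111111111-2222222222-3333333333-1234 20000 1000000
```

On a joined host the SID argument would come from wbinfo -n and the uid actually assigned from getent passwd, as used in the message above.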







BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org