If you want my opinion, this is just another example of why not to use winbind, if you can wait until tomorrow , I will send you an howto on sssd on Ubuntu 12.04
Rowland On Jul 22, 2013 10:36 PM, "steve" <st...@steve-ss.com> wrote: > On Mon, 2013-07-22 at 17:29 -0400, Matthew Daubenspeck wrote: > > On Mon, Jul 22, 2013 at 10:15:10PM +0100, Rowland Penny wrote: > > > OK, that seems like it should work, I had the winbind ad backend > > > working, but found it difficult to setup so jumped ship to sssd > > > The idmap setup I used was: > > > idmap config *:backend = tdb > > > idmap config *:range = 1100-2000 > > > idmap config DOMAIN:backend = ad > > > idmap config DOMAIN:schema_mode = rfc2307 > > > idmap config DOMAIN:range = 10000-3100000 > > > As you can see the number ranges are the opposite way round to what > you > > > have i.e. config*:range is lower than DOMAIN:range > > > You could also try (as a test) changing backend = ad to backend = > rid, > > > this will ignore the rfc2307 bit but will test the connect to the AD > > > server. > > > Rowland > > > > Changing the above ranges made no difference. However, changing backend > > = rid gets me: > > > > root@srv2:~# getent passwd administrator > > administrator:*:10005:1013:Administrator:/home/Administrator:/bin/sh > > Amazing;) > > > > That seems to be working perfectly. What would I be losing without > > rfc2307 (please excuse the ignorance)? > > You'd lose control over uidNumber, gidNumber and you wouldn't be able to > specify your own home directories and login shells. It's also a > nightmare if you add a second DC. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
