Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
I
I
Iegan Amadeus2019-01-25 14:10:36
linux
Iegan Amadeus, 2019-01-25 14:10:36

Samba with AD integration, how to configure it to distinguish between domains?

Platform Debian 9.5 Stretch, Samba 4.5.12.
I'm trying to set up samba integration in a subdomain on win 2008r2. A bunch of two domains like SUBDOMIAN.DOMIAN.ORG and DOMIAN.ORG should work with both samba. And everything works like that, but I can't set up id-mapping - samba doesn't want to understand which domain the user belongs to. The rules idmap SUBDDOMIAN, idmap DOMIAN are ignored for both of them the general idmap * rule applies. Authorization goes on, I get users with the getent command, I see groups, but the mapping does not work by domain name. Only the general rule will be accepted. I probably didn’t set up some little thing, but I don’t know where to look anymore. Please help me figure it out.
Mapping rid is needed, both domains have SID endings starting at 1000.
smb.conf

[global]
netbios name = FILESERVER
security = ADS
workgroup = SUBDOMIAN
realm = SUBDOMIAN.DOMIAN.ORG

log level = 3
log file = /var/log/samba/log.%m
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
encrypt passwords = yes

auth methods = winbind
name resolve order = hosts bcast lmhosts
case sensitive = no
dns proxy = yes
server string = %v samba

client signing = auto
local master = no
domain master = no
preferred master = no
debug level = 2
load printers = no
hosts allow = 192.168.1. 192.168.2. 192.168.3.

oplocks = yes
kernel oplocks = yes
level2 oplocks = yes
veto oplock files = /*.data/*.DATA/*.mdb/*.MDB/*.ldb/*.LDB/*.accdb/*.cdx/*.CDX/*.dbf/*.DBF

inherit acls = yes
inherit owner = yes
inherit permissions = yes

dos charset = cp866
unix charset = utf-8
max log size = 512
os level = 0

map to guest = Bad User


idmap config SUBDOMIAN : range = 10000-13000
idmap config SUBDOMIAN : backend = rid
idmap config SUBDOMIAN : default = yes

idmap config DOMIAN : range = 20000-23000
idmap config DOMIAN : backend = rid

idmap config BUILTIN : range = 30000-33000
idmap config BUILTIN : backend = rid

idmap config NT AUTHORITY : range = 40000-43000
idmap config NT AUTHORITY : backend = rid

idmap config * : range = 500000-550000
idmap config * : backend = rid

#winbind separator = \
winbind trusted domains only = no
#winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind normalize names = yes

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

0 answer(s)
Similar questions
A
Alibek Kulseitov2016-08-04 09:58:07
Show DIV if user moved mouse away from site? 6Reply
K
khataev2014-08-03 22:45:16
What is missing to display an image as the background of an html page? 4Reply
J
Jopeee2020-10-30 00:14:42
How to fix Ubuntu 20.04 slow startup? 3Reply
H
Harold2020-11-10 00:37:33
Is there a universal content cms? 5Reply
A
annonimus2018-12-21 12:17:25
How to edit context menu in XFCE? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question