linux
Iegan Amadeus, 2019-01-25 14:10:36

Samba with AD integration, how to configure it to distinguish between domains?

Platform: Debian 9.5 Stretch, Samba 4.5.12.
I'm trying to set up Samba integration in a subdomain on Windows 2008 R2. Samba should work with both domains of the pair, SUBDOMIAN.DOMIAN.ORG and DOMIAN.ORG. Everything works that way, but I can't get the id mapping set up: Samba doesn't want to understand which domain the user belongs to. The idmap SUBDOMIAN and idmap DOMIAN rules are ignored; for both of them the general idmap * rule applies. Authorization works, I get users with the getent command, I see groups, but the mapping does not work by domain name. Only the general rule is accepted. I probably didn't set up some little thing, but I don't know where to look anymore. Please help me figure it out.
RID mapping is needed; in both domains the SID endings start at 1000.
smb.conf

[global]
netbios name = FILESERVER
security = ADS
workgroup = SUBDOMIAN
realm = SUBDOMIAN.DOMIAN.ORG

log level = 3
log file = /var/log/samba/log.%m
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
encrypt passwords = yes

auth methods = winbind
name resolve order = hosts bcast lmhosts
case sensitive = no
dns proxy = yes
server string = %v samba

client signing = auto
local master = no
domain master = no
preferred master = no
debug level = 2
load printers = no
hosts allow = 192.168.1. 192.168.2. 192.168.3.

oplocks = yes
kernel oplocks = yes
level2 oplocks = yes
veto oplock files = /*.data/*.DATA/*.mdb/*.MDB/*.ldb/*.LDB/*.accdb/*.cdx/*.CDX/*.dbf/*.DBF

inherit acls = yes
inherit owner = yes
inherit permissions = yes

dos charset = cp866
unix charset = utf-8
max log size = 512
os level = 0

map to guest = Bad User


idmap config SUBDOMIAN : range = 10000-13000
idmap config SUBDOMIAN : backend = rid
idmap config SUBDOMIAN : default = yes

idmap config DOMIAN : range = 20000-23000
idmap config DOMIAN : backend = rid

idmap config BUILTIN : range = 30000-33000
idmap config BUILTIN : backend = rid

idmap config NT AUTHORITY : range = 40000-43000
idmap config NT AUTHORITY : backend = rid

idmap config * : range = 500000-550000
idmap config * : backend = rid

#winbind separator = \
winbind trusted domains only = no
#winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind normalize names = yes
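A sanity check over the posted idmap settings, added here as an example and not part of the question: it parses the idmap config lines and reports a rid backend on the * default domain (idmap_rid(8) states rid cannot be the default backend), options not documented for idmap_rid, and overlapping ID ranges. The sample text is the idmap block from the smb.conf above; the function and constant names are assumptions of this example.

```python
import re
from itertools import combinations

# Backends that can allocate new IDs; only these are valid for the "*" domain (idmap_rid(8)).
ALLOCATING_BACKENDS = {"tdb", "tdb2", "autorid", "ldap"}
# Sub-options documented in idmap_rid(8); anything else on a rid domain does nothing.
RID_OPTIONS = {"backend", "range", "base_rid"}
# "idmap config SUBDOMIAN : range = 10000-13000"; whitespace around ':' and '=' is optional.
IDMAP_RE = re.compile(r"^\s*idmap\s+config\s+(?P<dom>.+?)\s*:\s*(?P<opt>\w+)\s*=\s*(?P<val>.+?)\s*$", re.I)

# Constructed sample: the idmap lines from the smb.conf posted above.
SAMPLE = """
idmap config SUBDOMIAN : range = 10000-13000
idmap config SUBDOMIAN : backend = rid
idmap config SUBDOMIAN : default = yes
idmap config DOMIAN : range = 20000-23000
idmap config DOMIAN : backend = rid
idmap config * : range = 500000-550000
idmap config * : backend = rid
"""

def parse_idmap(text):
    """Return {DOMAIN: {option: value}} for every uncommented idmap config line."""
    cfg = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue
        m = IDMAP_RE.match(line)
        if m:
            cfg.setdefault(m["dom"].upper(), {})[m["opt"].lower()] = m["val"].strip()
    return cfg

def check_idmap(cfg):
    """Return human-readable findings; an empty list means nothing obviously wrong."""
    findings, ranges = [], {}
    for dom, opts in cfg.items():
        backend = opts.get("backend", "").lower()
        if not backend or "range" not in opts:
            findings.append(f"{dom}: both backend and range are required")
            continue
        ranges[dom] = tuple(int(x) for x in opts["range"].split("-"))
        if backend == "rid":
            for opt in sorted(set(opts) - RID_OPTIONS):
                findings.append(f"{dom}: '{opt}' is not a documented idmap_rid option")
    if "*" in cfg and cfg["*"].get("backend", "").lower() not in ALLOCATING_BACKENDS:
        findings.append("*: default backend must allocate IDs (tdb/autorid); idmap_rid(8) forbids rid here")
    for a, b in combinations(sorted(ranges), 2):
        if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
            findings.append(f"{a} and {b}: ID ranges overlap")
    return findings
```

Run it with `print(*check_idmap(parse_idmap(SAMPLE)), sep="\n")` after saving a copy of the real smb.conf into SAMPLE; `testparm -s` should still be run afterwards, since this only covers the idmap lines.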
