winbind id映射问题

Question

我已经将SLES 15 sp 2服务器与Windows2019 ad服务器集成在一起，我可以在Linux systems.However中使用AD用户id登录，uid/gid没有反映出ad.We设置了uid(例如: uid- > 8000 )、gid、登录shell和ad user/group属性级别的用户主目录。这是smb.conf文件

# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
[global]
  workgroup = abcde5
  usershare allow guests = YES
  idmap config * : backend = tdb
  idmap config * : range = 5000000-5999999
  idmap config  ABC : backend = ad
  idmap config  ABC : range = 1000-99999
  idmap config  ABC : schema_mode = rfc2307
  idmap config  ABC : unix_nss_info = yes
  kerberos method = secrets and keytab
  realm = ABC.DE5.CORP
  security = ADS
  template homedir = /home/%U
  template shell = /bin/bash
  winbind offline logon = yes
  winbind use default domain = yes
  winbind refresh tickets = yes
  log file = /var/log/samba/%m.log
  log level = 1
  vfs objects = acl_xattr
  map acl inherit = yes
  store dos attributes = yes

de5pw04:/etc/samba # id de5group1u1

uid=5000000(de5group1u1) gid=5000000(域用户)groups=5000000(域用户)，5000001(De5group1) de5pwd04:/etc/samba #

de5pwd04:/etc/samba # wbinfo -V
Version 4.11.14-git.313.d4e302805e14.32.1-SUSE-oS15.0-x86_64
de5pwd04:/etc/samba #

请告诉我，如何将uid/gid设置在Linux系统的广告上供用户使用。

Answer 1

如果您的工作组是'ABCDE5‘，那么您的'idmap配置ABC’行是错误的，它们应该是'idmap配置ABCDE5 5‘。这导致您的用户和组被放到“*”域中。