[Samba] Consistent UID/GID mappings?

Alexandre Beauclair beauclaira at lexum.com
Mon Apr 7 13:43:48 MDT 2014 

Greetings everyone,

I am currently in the process of trying to setup Samba4 as an Active Directory DC. My environment contains about 50% of Windows workstations, and 50% of Centos servers/Ubuntu workstations.
Everything setup quite nicely, with Windows workstations and Linux machines being able to logon with a domain user.
The problem I have is I can't seem to be able to get consistent UIDs and GIDs across all platforms. We would need those for we use NFS shares along with samba shares on the Samba machine.

At first, I noticed UIDs were being mapped locally, and this wouldn't do. So I read online I could use the RID backend with winbind to generate their mappings in a consistent fashion. It worked great on my Linux members (running Samba3). UIDs were the same, and everything was good. Then I noticed it didn't work on the Samba DC, using the same configuration. From what I could understand, it seems like RID mapping isn't supported in Samba4?

I've seen tricks such as these: http://www.blackhole-networks.com/Cheatsheets/Samba4Map/, but even so when I then tried to create a file on an NFS share (on the Samba4 DC), and then mount said share on a Samba3 member, it would show the owner and group as being "nobody", even though "getent passwd" showed the user having the same UID. 

I've also noticed on my DC, "getent passwd" displays users as DOM\testuser, whereas on my members it simply shows them as "testuser". Could this have something to do with my problem?

I've seen sample configurations using the "idmap config DOM : backend = ad" configuration, but did not have any kind of success with it. Apart from smb.conf in that kind of a setup, is there something else to configure?

Is there a new recommended way to setup mappings in Samba4? In the end all I need are UIDs to match so I can setup user home directories with NFS, and when Windows users create files under a Samba share they retain the appropriate username/group ID under Linux as well, so that everything is tied up nicely.

Thanks a lot for any help you can provide!

Regards,
Alexandre Beauclair

More information about the samba mailing list