[Idmap/Winbind] Map SID to existing UID/GID with the same name?

Chun Kit Hui huichunkit.list at gmail.com
Mon Aug 14 17:36:40 GMT 2006


Dear all,


[Sorry for cross posting samba and samba-technical]


I've got a question concerning winbind and idmap. I've been googling for
days and have read through the official HOWTO but still cannot find the answer.

My situation is as follows:

I have a UNIX infrastructure (including NFS) with all user information
stored in LDAP for distributed passwd/group/shadow using nsswitch. I also
have Windows 2003 AD (MYREALM) set up. I want to set up a Samba DMS under the
realm MYREALM. Everything works fine.
However, I also want to allow the windows users to manipulate the ACLs of
the files on the samba share. This creates a problem. If I don't use
winbind, the ACEs on the files cannot contain any SIDs from the AD domain
(MYREALM). If I use winbind with tdb or LDAP backend, winbind will map the
SID to a new UID different from the existing UIDs for the UNIX user
accounts.

I want to ask how I can map SIDs to existing UIDs if the username is
identical between the Unix world and the AD world?

Any suggestions? Or any pointers to documentation/HOWTO?
Thanks x 100000


Cheers,

Jacky Hui

