Samba4 Linux user has two uid's
steve
steve at steve-ss.com
Thu Mar 21 16:44:28 MDT 2013
On 21/03/13 23:10, Gémes Géza wrote:
> On 2013-03-21 21:01, Rowland Penny wrote:
>> Hi,
>> If you join an S3 client to an S4 domain you get a different uid on the
>> client and server, i.e.
>>
>> Info from the client
>> $ id user
>> uid=21105(user) gid=20513(domain_users)
>> groups=20513(domain_users),1101(BUILTIN\users)
>>
>> Info from the server
>> # id user
>> uid=3000016(DOMAIN\user) gid=100(users) groups=100(users)
>>
>> Now if you mount a share onto the client from the server via pam_script:
>>
>> mount -t cifs //server/dropbox /home/dropbox -o username=user,cruid=userid,sec=krb5i,multiuser,nobrl,mapchars,mfsymlinks,noserverino
>>
>> If a file is now created in the share by the user, the user
>> immediately loses all rights to it from the client.
>>
>> Is this a CIFS problem or a Samba4 problem?
>>
> Hi,
>
> Please check that you have the following:
>
> For samba4 use rfc2370 and specify the uids gids (using e.g. ADUC),
> copy/symlink the libnss files and allow winbind in /etc/nsswitch.conf
> For samba3 use idmap_ad with a range that covers the assigned uids/gids.
>
> If that is configured and doesn't work as expected please post your
> smb.conf (both from AD and client system) and an ldif for a user
> obtained by ldbsearch.
>
> Regards
>
> Geza Gemes
Hi Rowland, Geza

1. the nss mappings.
Rowland, you don't say how you're pulling the uid but I have several s3
boxes connected to a S4 DC. The DC is also the file server. I gave up on
winbind in favour of nss-ldapd and using it to pull the whole of rfc2307
on both the s3 clients and the s4 DC. The mappings are identical on both
client and server. It seems much easier to set up than winbind.

2. the cifs mount on the clients
I think the mappings must be identical before the permissions and
ownerships will work, but just keeping it simple; as any of several
users can log in to any given client, we simply mount the equivalent of:

mount -t cifs //server/share /share -osec=krb5,multiuser

IOW, forget specifying a specific user. Get it working with multiuser
first and then add the other stuff?

HTH. Cheers,
Steve
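
A check for the mismatch discussed in this thread, as an added example that is not part of the original messages: it parses `id` output taken on the client and on the server and lists every numeric uid/gid that differs. The function names are hypothetical; the two sample lines are the ones quoted above, with the wrapped client line re-joined.

```python
import re

# `id user` output as quoted in the thread (client line re-joined).
CLIENT_ID = r"uid=21105(user) gid=20513(domain_users) groups=20513(domain_users),1101(BUILTIN\users)"
SERVER_ID = r"uid=3000016(DOMAIN\user) gid=100(users) groups=100(users)"

_FIELD = re.compile(r"\b(uid|gid|groups)=((?:\d+\([^)]*\),?)+)")
_ENTRY = re.compile(r"(\d+)\(([^)]*)\)")


def parse_id(line):
    """Parse one line of id(1) output into numeric ids and their names."""
    parsed = {}
    for key, value in _FIELD.findall(line):
        parsed[key] = [(int(num), name) for num, name in _ENTRY.findall(value)]
    if "uid" not in parsed or "gid" not in parsed:
        raise ValueError("not id(1) output: %r" % line)
    return {"uid": parsed["uid"][0], "gid": parsed["gid"][0],
            "groups": dict(parsed.get("groups", []))}


def short_name(name):
    """Drop a DOMAIN\\ prefix so 'DOMAIN\\user' and 'user' compare equal."""
    return name.rsplit("\\", 1)[-1]


def compare_mappings(client_line, server_line):
    """Return a list of differences between client and server id mappings."""
    client, server = parse_id(client_line), parse_id(server_line)
    if short_name(client["uid"][1]) != short_name(server["uid"][1]):
        raise ValueError("the two lines describe different accounts")
    problems = []
    for key in ("uid", "gid"):
        (c_num, c_name), (s_num, s_name) = client[key], server[key]
        if c_num != s_num:
            problems.append("%s: client %d (%s) != server %d (%s)"
                            % (key, c_num, c_name, s_num, s_name))
    # Ownership on the share is decided by numbers, so compare gid numbers only.
    only_client = sorted(set(client["groups"]) - set(server["groups"]))
    only_server = sorted(set(server["groups"]) - set(client["groups"]))
    if only_client:
        problems.append("gids only on client: %s" % only_client)
    if only_server:
        problems.append("gids only on server: %s" % only_server)
    return problems


if __name__ == "__main__":
    for problem in compare_mappings(CLIENT_ID, SERVER_ID):
        print(problem)
```

An empty list means both hosts resolve the account to the same numbers, which is the precondition for ownership on the share to look the same from either side.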

More information about the samba-technical mailing list