AW: AW: AW: AW: after an upgrade from 4.1.6 to 4.2.0rc4 with security = ADS "force user" did not work anymore
Rowland Penny
repenny241155 at gmail.com
Thu Jan 29 09:06:49 MST 2015
On 29/01/15 15:57, Dr. Hansjoerg Maurer wrote:
> sorry, there we may have a missunderstanding.
>
> We have only ONE unix user maurerh, which VAS retrieves directly from the AD Domain
>
> getent passwd | grep maurerh
> maurerh:VAS:7740:43466:YYY:/home/maurerh:/usr/local/bin/tcsh
>
> VAS is just another way for providing AD User with rfc2307 attributes to a unix system.
>
> The UID/GID of this user is the one stored in AD.
>
> And they are identical to the ones, wbinbind provides, because its the same user object
> wbinfo --uid-info 7740
> XXX\maurerh:*:7740:43466:YYY:/home/maurerh:/bin/false
>
>
> With idmap_nss the Unix User maurerh should automatically be mapped to the Domainuser XXX\maurerh
>
> In this case I do net expect any difference, if we have
>
> passwd: files winbind
> or
> passwd: files vas4
> or
> passwd: files sss
>
> in order to provide the unix users form the AD to the unix system.
>
> The AD provides a unique unix user with Unix attributes stored in AD in rfc2307 attributes
>
> If I connect to the samba server form the windows side as XXX\maurerh
> every file I create is owned by maurerh with UID 7740 in the filesystem.
> Therefore the mapping works.
>
> Only when I use
> force user = maurerh
> or
> force user = XXX\maurerh
> I can not access the share anymore (which worked in 4.1.16)
>
> And therefore I think we have a problem with force user in 4.2, which of course could be related to the winbind changes you mention
>
>
> Regards
>
> Hansjörg
>
OK, lets see if I have it correct, you only have *one* user in AD with a
'uidNumber' attribute and this is the AD user 'maurerh' and this user
does not appear in /etc/passwd.
Does 'Domain Users' have a 'gidNumber' ?
Can you please post your entire (sanitized if you like) smb.conf
Rowland
More information about the samba-technical
mailing list