[Samba] NT/ADS and UNIX user convergence using Samba

news.gmane.org looper_man at yahoo.com
Mon Apr 5 14:50:06 GMT 2004


I'm deploying a fileserver running Samba 3.0.2a in an environment that
contains NT and UNIX users.  I'd like to have my fileserver set up as

- Users connecting to the fileserver from NT boxes are authenticated against
the Win2K ADS Domain Controller.
- Users connecting to the fileserver from other UNIX boxes are authenticated
locally using NIS and access the shared volume via NFS.

Each user has an account on the Win2K ADS Domain, and also an account on the
NIS server.  I have this setup running now, but there's one problem:  When
the user accesses a file from a Windows client it's accessed using the
UID/GID generated by winbind, but when the user accesses a file from a UNIX
client it's accessed using the NIS UID/GID.  Effectively they have different

I'd like this fileserver set up so that files created from either type of
client have the same ownership.  Basically I need to somehow map my ADS
UID/GIDs to my UNIX UID/GIDs.  I've looked around in the docs and on the
web and can't find an answer (other than warnings that the winbind UIDs
should *not* map to existing UNIX UIDs - but this is what I want!).  I know
from working with NetApps in the past that there is a way to configure those
fileservers so that they attempt to do a username match from NT to/from
UNIX, and if the same named user exists, then it will use the same UID/GID.

I really want a way to set up a mapping file or something to the effect of

# NT user                UNIX user
DOMAIN+user1     user1
DOMAIN+user2     user2

It is *not* important that users have login accounts on the fileserver ...
so one idea I had was this:
- Remove NIS from the nsswitch.conf entries on the fileserver.
- Edit my /etc/passwd file on my NIS server so that UID/GID entries for a
user are the same as the ones generated by winbind

Will this work?  Will I run into a problem down the road if I add a new
fileserver (if winbind's SID->UID/GID mapping is not the same on that new

Thanks in advance,
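
Added example, not part of the original post: a Python check that compares the UID/GID winbind assigns to each DOMAIN+user account with the NIS entry of the same name, which is the ownership split the post describes. The passwd lines are constructed sample data (on a live server they would come from `getent passwd` and `ypcat passwd`), and the function names are hypothetical.

```python
# Added example: audit UID/GID agreement between winbind and NIS accounts.
# Constructed passwd(5)-format sample data; on a live server these lines would
# come from `getent passwd` (winbind entries) and `ypcat passwd` (NIS map).
WINBIND_PASSWD = """\
DOMAIN+user1:x:10000:10000:User One:/home/DOMAIN/user1:/bin/false
DOMAIN+user2:x:10001:10000:User Two:/home/DOMAIN/user2:/bin/false
DOMAIN+winonly:x:10002:10000::/home/DOMAIN/winonly:/bin/false
"""
NIS_PASSWD = """\
user1:x:10000:10000:User One:/home/user1:/bin/sh
user2:x:501:100:User Two:/home/user2:/bin/sh
nisonly:x:502:100::/home/nisonly:/bin/sh
"""


def parse_passwd(text, separator=None):
    """Return {username: (uid, gid)}, stripping a 'DOMAIN<separator>' prefix."""
    ids = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        # Skip blanks, comments, NIS '+' compat entries and malformed lines.
        if len(fields) < 4 or not (fields[2].isdigit() and fields[3].isdigit()):
            continue
        name = fields[0]
        if separator and separator in name:
            name = name.split(separator, 1)[1]
        ids[name] = (int(fields[2]), int(fields[3]))
    return ids


def audit(winbind_text, nis_text, separator="+"):
    """Classify every account name by whether both sources agree on UID/GID."""
    wb, nis = parse_passwd(winbind_text, separator), parse_passwd(nis_text)
    report = {"match": [], "mismatch": [], "winbind_only": [], "nis_only": []}
    for name in sorted(set(wb) | set(nis)):
        if name not in nis:
            report["winbind_only"].append(name)
        elif name not in wb:
            report["nis_only"].append(name)
        elif wb[name] == nis[name]:
            report["match"].append(name)
        else:
            # Same person, two numeric identities: files diverge in ownership.
            report["mismatch"].append((name, wb[name], nis[name]))
    return report


if __name__ == "__main__":
    for category, entries in audit(WINBIND_PASSWD, NIS_PASSWD).items():
        print(f"{category}: {entries}")
```

Running the same comparison on each fileserver shows whether winbind's SID->UID/GID mapping differs from one server to the next.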
