[Samba] Help! Emergency

[Christian Lahti]

Ok, so this is probably a stupid question asked a million times, but I
am a bit stuck.  Up till now I have always deployed an OpenLDAP backend
and a Samba domain controller in order to share the same set of data
between unix and windows hosts.  So jsmith with a UID of 1001 could
read/write files either in Linux or windows and the same "identity"
would be used.  Now I am working for a company that uses active
directory, I consolidated Linux to use AD for Unix, so now in AD I have
jsmith and 1001 as the "NIS" Uid.  Now comes the bad part, on a Linux
filesystem shared by Samba to windows, when jsmith writes a file to the
samba share, I expect the owner of the file to be 1001 BUT it is
something like 16777216 instead!  I suppose this has to do with the UID
mapping, I just want the UID/GID to keep with the same AD stuff.
Please, please, please tell me how I should setup Samba to use the
assigned UID to the AD name.  I thought by joining the AD domain samba
would pick this up.  I am suspecting I have to use LDAP access to AD to
get the UID/GID info, but the attribute names are not standard POSIX
stuff.  I am sure there is an easy solution for this, the whole idea of
using AD for both Windows and Unix was to eliminate administration and
get closer to single signon.

 

[global]

   log file = /var/log/samba/%m.log

   load printers = yes

   idmap gid = 16777216-33554431

   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

   wins server = 192.168.1.2

   winbind use default domain = no

   template shell = /bin/bash

   dns proxy = no

   cups options = raw

   netbios name = tuvalu

   server string = Matisse Storage

   idmap uid = 16777216-33554431

   workgroup = MATISSE

   os level = 20

   printcap name = /etc/printcap

   security = ads

   max log size = 50

   password server = MATISSE01

   realm = MATISSENETWORKS.COM

 

 

/Christian Lahti

christian at matissenetworks.com