[Samba] Help! Emergency

Christian Lahti christian at matissenetworks.com
Sat Nov 19 00:01:11 GMT 2005 

Ok, I solved my own problem, here is the config that works:

[global]
   log file = /var/log/samba/%m.log
   load printers = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   wins server = 192.168.1.2
   template shell = /bin/bash
   dns proxy = no
   cups options = raw
   netbios name = tuvalu
   server string = Matisse Storage
   workgroup = MATISSE
   os level = 20
   printcap name = /etc/printcap
   security = ads
   max log size = 50
   password server = MATISSE01
   realm = MATISSENETWORKS.COM
   winbind cache time = 5
   winbind use default domain = yes
   winbind trusted domains only = Yes
   winbind nested groups = Yes

-----Original Message-----
From: samba-bounces+christian=matissenetworks.com at lists.samba.org
[mailto:samba-bounces+christian=matissenetworks.com at lists.samba.org] On
Behalf Of Christian Lahti
Sent: Friday, November 18, 2005 3:29 PM
To: samba at lists.samba.org
Subject: [Samba] Help! Emergency

Ok, so this is probably a stupid question asked a million times, but I
am a bit stuck.  Up till now I have always deployed an OpenLDAP backend
and a Samba domain controller in order to share the same set of data
between unix and windows hosts.  So jsmith with a UID of 1001 could
read/write files either in Linux or windows and the same "identity"
would be used.  Now I am working for a company that uses active
directory, I consolidated Linux to use AD for Unix, so now in AD I have
jsmith and 1001 as the "NIS" Uid.  Now comes the bad part, on a Linux
filesystem shared by Samba to windows, when jsmith writes a file to the
samba share, I expect the owner of the file to be 1001 BUT it is
something like 16777216 instead!  I suppose this has to do with the UID
mapping, I just want the UID/GID to keep with the same AD stuff.
Please, please, please tell me how I should setup Samba to use the
assigned UID to the AD name.  I thought by joining the AD domain samba
would pick this up.  I am suspecting I have to use LDAP access to AD to
get the UID/GID info, but the attribute names are not standard POSIX
stuff.  I am sure there is an easy solution for this, the whole idea of
using AD for both Windows and Unix was to eliminate administration and
get closer to single signon.

 

[global]

   log file = /var/log/samba/%m.log

   load printers = yes

   idmap gid = 16777216-33554431

   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

   wins server = 192.168.1.2

   winbind use default domain = no

   template shell = /bin/bash

   dns proxy = no

   cups options = raw

   netbios name = tuvalu

   server string = Matisse Storage

   idmap uid = 16777216-33554431

   workgroup = MATISSE

   os level = 20

   printcap name = /etc/printcap

   security = ads

   max log size = 50

   password server = MATISSE01

   realm = MATISSENETWORKS.COM

 

 

/Christian Lahti

christian at matissenetworks.com

 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list