[Samba] SID in Explorer Owner Field using LDAP

Mike Branda mike at wackyworld.tv
Tue Aug 8 16:55:36 GMT 2006


Hello!  I'd appreciate any help on this as I am stumped.

I have 4 servers running Samba.

The first is acting as a PDC with roaming profile logons as well as an
LDAP server.  I am using the smbldap-tools to administer the two.

That works great.

I also have 3 other network file servers that are mapped to use LDAP
from the PDC for posix account info.  I set the smb.conf on each of them
to use LDAP for sambaSamAccount info also via below:

# Specifying ldapsam backend database
####################################################
passdb backend = ldapsam:ldaps://my.pdc.servername.com
username map = /etc/samba/smbusers

# OpenLDAP stuff is defined here
###################################################
ldap suffix = dc=my,dc=pdc,dc=servername,dc=com
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Users
ldap admin dn = uid=Admin,ou=Users,dc=my,dc=pdc,dc=servername,dc=com
ldap ssl = On
ldap passwd sync = Yes
idmap uid = 150000-550000
idmap gid = 150000-550000

Now the accounts can log in fine with single point LDAP user management
from all the systems posix, samba or otherwise.  The problem I am having
is the SID from the PDC box is what is used to generate the data in the
user's sambaSID LDAP entry.  As a result, the "Owner" field in the
Windows file Explorer is correct for the homes share from the PDC in
that it displays the "workgroup\joeuser" posix name.  Shares mapped from
the file servers show the long
S-1-5-21-1234567890-1234567890-1234567890-2308 (with the last four being
the rid?) where the first part is the SID from the PDC as the "Owner".
Is there a way to make these display the right posix name also instead
of the long non-useful sambaSID?


Thanks!!

Mike
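
The SID quoted in the message above has the standard layout of a domain account SID: a domain prefix (S-1-5-21 plus three domain values) followed by a final RID. The following added example, which is not part of the original post, splits sambaSID strings that way and checks whether each one carries the PDC's domain prefix; the function names and all sample SIDs other than the one quoted in the post are constructed for illustration.

```python
import re

# Domain prefix of the SID quoted in the post (placeholder digits, as posted).
PDC_DOMAIN_SID = "S-1-5-21-1234567890-1234567890-1234567890"

_SID_RE = re.compile(r"^S-(\d+)-(\d+)((?:-\d+)+)$")


def parse_sid(sid):
    """Return (revision, identifier_authority, [sub_authorities])."""
    m = _SID_RE.match(sid.strip())
    if not m:
        raise ValueError("not a SID string: %r" % sid)
    subs = [int(x) for x in m.group(3).lstrip("-").split("-")]
    # A SID holds at most 15 sub-authorities, each a 32-bit unsigned value.
    if len(subs) > 15 or any(s > 0xFFFFFFFF for s in subs):
        raise ValueError("sub-authority out of range: %r" % sid)
    return int(m.group(1)), int(m.group(2)), subs


def split_domain_rid(sid):
    """Return (domain_sid, rid) for a domain account SID, else (sid, None)."""
    rev, auth, subs = parse_sid(sid)
    # Account SIDs: NT authority (5), sub-authority 21, three domain
    # values, then the RID as the last sub-authority.
    if auth == 5 and len(subs) == 5 and subs[0] == 21:
        domain = "S-%d-%d-%s" % (rev, auth, "-".join(map(str, subs[:4])))
        return domain, subs[4]
    return sid.strip(), None  # well-known SID or bare domain SID


def classify(sid, domain_sid=PDC_DOMAIN_SID):
    """Label a SID relative to the given domain SID; returns (label, rid)."""
    domain, rid = split_domain_rid(sid)
    if rid is None:
        return "not-account", None
    return ("pdc-domain" if domain == domain_sid else "other-domain"), rid


if __name__ == "__main__":
    samples = [
        "S-1-5-21-1234567890-1234567890-1234567890-2308",  # from the post
        "S-1-5-21-111-222-333-1001",  # constructed: different domain prefix
        "S-1-5-32-544",               # well-known BUILTIN\Administrators
    ]
    for s in samples:
        print(s, "->", classify(s))
```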


