[Samba] How to map a user to a specific uid?

David Shapiro David.Shapiro at bcbsnc.com
Tue Aug 22 18:25:46 GMT 2006 

I am using:
 
workgroup = BCBSNC
        realm = BCBSNC.COM
        server string = User management Server
        security = ADS
        password server = ad.bcbsnc.com
        idmap backend = rid:BCBSNC=100000-200000
        allow trusted domains = No
        log level = 0
        log file = /usr/local/samba/var/log.%m
        max log size = 50
        name resolve order = hosts wins lmhosts bcast
        socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
        preferred master = No
        local master = No
        dns proxy = No
        wins server = svcmc02, svcmc03
        ldap ssl = no
        idmap uid = 100000-200000
        idmap gid = 100000-200000
        template shell = /bin/ksh
        template homedir = /home/%D/%U
        winbind separator = +
        winbind nested groups = Yes
        winbind use default domain = Yes
        aio read size = 1
        aio write size = 1
        nt acl support = Yes
        username map = /usr/local/samba/lib/users.map

[homes]
        root preexec = /usr/local/samba/bin/mkhome.sh %D %U
        path = /home/%D/%U
        valid users = %D+%U
        read only = No
        browseable = No

If is do an ls -la of the /home/MYDOMAIN, I see
 
drwxr-x---   3 joe users           256 Feb 24 13:04 joe
 
But nfs mount joe on the remote system appears as uid of 100000 instead
of the uid 785757 (joe's unix uid)
 
 
In that, it is using the rid id not the unix user's uid.
 
David
 
 
 
David Shapiro
Distributed Systems
Unix Team Lead
office: 919-765-2011
cellphone: 730-0538

>>> "Gerald (Jerry) Carter" <jerry at samba.org> 8/22/2006 2:14:45 PM >>>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Shapiro wrote:

> What do you put in the file to map an ad user to a unix 
> user?  If I have an ad user MYDOMAIN+joe, do I put
> in user.map file:
>  

joe  = MYDOMAIN+joe

If you are not runnign winbindd and using 'security = ads',
you need

    joe = MYDOMAIN+joe MYDOMAIN.REA.LM+joe

to cover cases where the user may login via NTLM or Krb5.




cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE60mVIR7qMdg1EfYRAo82AKCAGeUBULiAr/MhTOrMIWp8w/3h6ACgu9Ck
4kGtYfCUk1TwNTvWYaGd6FY=
=DGxs
-----END PGP SIGNATURE-----

More information about the samba mailing list