[Samba] Samba Domain Member Server -- tdbsam/winbind/idmap_rid -- file ownership ?

Chris Hall chris.hall at halldom.com
Fri Feb 9 09:14:03 GMT 2007

I have just struggled to implement a Samba Domain Server, and have some 
remaining issues.

I have a Samba PDC using tdbsam, managing a domain called RHEA.

I have (finally) configured a new Samba Domain Server (AUREUS) using 
winbind and idmap_rid.

When I am logged in to RHEA as user GMCH I can access a TMP share on 
AUREUS (at last).

Running 'getent passwd' I get (inter alia):


and 'getent group' gives:

   RHEA\domain users:*:1053:RHEA\gmch:...

When I create files on TMP I find that they are owned by 'root' and in 
the group 'RHEA\domain users', eg:

   -rwxr--r-- 1 root RHEA\domain users 8 Feb  8 20:29 Hello Samba

The group is fine.

QUESTION: why is the file owner not RHEA\gmch ?

I note that 'RHEA\gmch' and 'RHEA\domain users' are apparently disabled 
as far as getent can see -- so I suppose that's what winbindd is telling 
it.  Is this the problem ?

BTW I discover that it is a good idea to set 'root' in the tdbsam, along 
with groupmap for 'Domain Admins' etc.  Windows then reports ownership 
of 'AUREUS\root'.

Chris Hall   @ Home                                         +44 (0)7970 277 383

More information about the samba mailing list