[Samba] SAMBA ADS to NIS mapping

Barry Dowell barry.dowell at ai-solutions.com
Thu Jul 5 22:23:31 GMT 2007

I am working in an environment with an HP-UX NIS that my Red Hat ES 4.x
system is using for Unix access controls.

My Red Hat system is serving as an NFS server for the HP-UX users who also
could be Windows users coming from a Windows Server 2003 active directory.

I have tested some configurations of SAMBA using winbind, but I don't get
the results I want.  What happens when using winbind (via authconfig) is
that if I have the template directory for homedir configured as per below,
the home directory must be owned by REALM\user, rather than mapping over to
the NIS user owned directory in the same location.  For now, I've disabled
winbind since we don't actually have need for it outside of helping to map
usernames from Windows ADS to Unix NIS (if we are actually supposed to use
it there).

What I want to have happen is that REALM\username maps over to a user from
the NIS.  As an example, what I am expecting is that I need to have an
smbpasswd file that includes all of the users from my NIS.  I have done that
via instructions taken from
a-configuring.html that instruct to do:

ypcat passwd | mksmbpasswd.sh > /etc/samba/smbpasswd

I have set username map = /etc/samba/smbusers  and have added a few specific
users (for testing) to the mapping there with unixname = windowsname  for
the users I am testing on.

The Red Hat server has been joined to the Windows domain, kerberos is
working fine, and when I have winbind running I can successfully use wbinfo
-g or wbinfo -u to dump the group or user names.  (Though I have winbind off
at the moment).

Again though, what I really want to have happen is for windows usernames to
be mapped over to NIS usernames so that when a Windows user attempts to
access their home directory they will be able to.

Anyone able to help clear up my confusion here and point me in the proper
direction to have names from one side mapped to names on the other side?

Snippets from smb.conf
   security = ADS
   username map = /etc/samba/smbusers

# WINBIND stuff
   template homedir = /exports/home/%u
   template shell = /bin/bash

#============================ Share Definitions
#       idmap uid = 16777216-33554431
#       idmap gid = 16777216-33554431
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   password server = WINDOWSPASSWORDSERVER
   realm = REALM
#   winbind use default domain = no

Thanks in advance!


More information about the samba mailing list