[Samba] SAMBA ADS to NIS mapping

Barry Dowell barry.dowell at ai-solutions.com
Thu Jul 5 22:43:54 GMT 2007

D'oh!  I think I have things figured out actually, but have a remaining
issue to unburden if someone is able to help.

First, the username mapping (without winbind in effect) seems to be working
for me now.  I had thought it wasn't functioning properly because when I
browsed to \\sambaserver I would see my named folder (home directory there)
showing up, but couldn't access same.

I was not paying enough attention to see that the real problem there is that
Samba was trying to map my home folder based on the path noted in the NIS
(which is just /home/username) rather than the path that the Samba server is
using to get there currently (/exports/home/username).

I updated the path under the [homes] tag in the samba.conf to get that
resolved and woohoo! Things work there now.

But, I'm left with a final issue, or what I think is a final issue.

My Windows names typically do not exactly match the Unix usernames.  As an
example I have users in Windows in the following format:
FirstInitialMiddleInitialLastname  so Joe The User would be JTUSER.  Over on
Unix I have that same user as JUSER.

During earlier testing, even with the smbusers file noting that juser =
REALM\jtuser jtuser, the mapping that Samba was doing for the home directory
always seemed to be attempting to go to a folder named after the Windows
user, rather than one named after the NIS username.

How do I make sure that the home directory that is shown is the properly
named NIS username folder, rather than one that doesn't exist (the longer
Windows-named folder)?

Thanks in advance again for helping to clear this all up for me.


-----Original Message-----
From: samba-bounces+barry.dowell=ai-solutions.com at lists.samba.org
[mailto:samba-bounces+barry.dowell=ai-solutions.com at lists.samba.org] On
Behalf Of Barry Dowell
Sent: Thursday, July 05, 2007 6:24 PM
To: samba at lists.samba.org
Subject: [Samba] SAMBA ADS to NIS mapping

I am working in an environment with an HP-UX NIS that my Red Hat ES 4.x
system is using for Unix access controls.

My Red Hat system is serving as an NFS server for the HP-UX users who also
could be Windows users coming from a Windows Server 2003 active directory.

I have tested some configurations of SAMBA using winbind, but I don't get
the results I want.  What happens when using winbind (via authconfig) is
that if I have the template directory for homedir configured as per below,
the home directory must be owned by REALM\user, rather than mapping over to
the NIS user owned directory in the same location.  For now, I've disabled
winbind since we don't actually have need for it outside of helping to map
usernames from Windows ADS to Unix NIS (if we are actually supposed to use
it there).

What I want to have happen is that REALM\username maps over to a user from
the NIS.  As an example, what I am expecting is that I need to have an
smbpasswd file that includes all of the users from my NIS.  I have done that
via instructions taken from
a-configuring.html that instruct to do:

ypcat passwd | mksmbpasswd.sh > /etc/samba/smbpasswd

I have set username map = /etc/samba/smbusers  and have added a few specific
users (for testing) to the mapping there with unixname = windowsname  for
the users I am testing on.

The Red Hat server has been joined to the Windows domain, Kerberos is
working fine, and when I have winbind running I can successfully use wbinfo
-g or wbinfo -u to dump the group or user names.  (Though I have winbind off
at the moment).

Again though, what I really want to have happen is for Windows usernames to
be mapped over to NIS usernames so that when a Windows user attempts to
access their home directory they will be able to.

Anyone able to help clear up my confusion here and point me in the proper
direction to have names from one side mapped to names on the other side?

Snippets from smb.conf
   security = ADS
   username map = /etc/samba/smbusers

# WINBIND stuff
   template homedir = /exports/home/%u
   template shell = /bin/bash

#============================ Share Definitions
#       idmap uid = 16777216-33554431
#       idmap gid = 16777216-33554431
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   password server = WINDOWSPASSWORDSERVER
   realm = REALM
#   winbind use default domain = no

Thanks in advance!
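
Added example, not part of the original post and not Samba's own code: a Python sketch of how an smbusers-style username map resolves a Windows name to a Unix name, and which directory under /exports/home that name points to. The sample map and passwd lines are constructed, the user bjones/bcjones and the helper functions are hypothetical, names are assumed to compare case-insensitively, and @group entries are not handled.

```python
import re

# Constructed sample map in smbusers format (not the poster's real file).
SMBUSERS = r'''
# unixname = windowsname [windowsname ...]
!juser = REALM\jtuser jtuser
bjones = REALM\bcjones
nobody = *
'''
# Constructed `ypcat passwd` output; NIS still advertises /home/<user>.
NIS_PASSWD = '''\
juser:x:1001:100:Joe The User:/home/juser:/bin/sh
bjones:x:1002:100:Bob C Jones:/home/bjones:/bin/sh
'''
EXPORT_BASE = "/exports/home"  # server-side path mentioned in the post

def parse_map(text):
    """Return [(unixname, [client names], stop_flag)] in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        unix, rhs = line.split("=", 1)
        unix = unix.strip()
        stop = unix.startswith("!")  # '!' ends processing once this line maps
        names = [n.strip('"') for n in re.findall(r'"[^"]*"|\S+', rhs)]
        rules.append((unix.lstrip("!").strip(), names, stop))
    return rules

def map_user(rules, client):
    """Apply every line in order; later lines see the already-mapped name."""
    current = client
    for unix, names, stop in rules:
        if "*" in names or current.lower() in (n.lower() for n in names):
            current = unix
            if stop:
                break
    return current

def resolve_home(client, map_text=SMBUSERS, passwd=NIS_PASSWD):
    """Return (unixname, server-side home), home is None if not in NIS."""
    unix = map_user(parse_map(map_text), client)
    known = {entry.split(":")[0] for entry in passwd.splitlines() if entry}
    return unix, (f"{EXPORT_BASE}/{unix}" if unix in known else None)

if __name__ == "__main__":
    for name in (r"REALM\jtuser", r"REALM\bcjones", r"REALM\stranger"):
        print(name, "->", resolve_home(name))
```

In the sample, the bjones line has no leading '!', so processing continues and the wildcard line remaps that user to nobody; the juser line stops at the first match.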

