[Samba] mapping SID - UID, GID with SFU 3.5
Bjoern_80 at gmx.de
Thu May 3 12:12:57 GMT 2007
Hello together,
I have:
gentoo with samba-3.0.24
W2003 AD with SFU 3.5
uid and gid in SFU
linux configured to use AD with ldap client for mapping users, groups and
authentication
winbind not configured.
Everything works fine except ACL in the linux filesystem: I receive this
error when I want to add a user access to a file:
[2006/10/18 09:38:28, 0] (1399)
create_canon_ace_lists: unable to map SID
to uid or gid.
Is it possible to manage ACL without winbind configured?
I have just found some information about using winbind for this one.
I have set up a test:
smb.conf:
[global]
log level = 2
dns proxy = no
domain master = no
preferred master = no
workgroup = DOMAIN
security = ADS
realm = DOMAIN.LOCAL
password server = win2003ads.domain.local
host msdfs = no
idmap backend = ad
winbind nss info = sfu
#idmap uid = 100-70000
#idmap gid = 100-70000
winbind trusted domains only = no
winbind enum groups = yes
winbind enum users = yes
winbind separator = +
winbind nested groups = yes
winbind use default domain = yes
With winbind I have the following problem:
When I activate idmap uid / gid, winbind returns its own uid/gid, not the
ADS-stored uid/gid.
When I deactivate this option, winbind tells me that it's not possible to
convert an S-ID to uid:
a.)
gentooads ~ # wbinfo -S S-1-5-21-2754069521-2579576118-433682804-1204
100
b.)
gentooads ~ # wbinfo -S S-1-5-21-2754069521-2579576118-433682804-1204
Could not convert sid S-1-5-21-2754069521-2579576118-433682804-1204 to uid
If winbind is necessary, how can I use the SFU-attributes?
Thanks a lot!!