[Samba] Retry: Mapping AD domain users to UNIX users
Michael St. Laurent
mikes at hartwellcorp.com
Thu Jan 24 18:20:00 GMT 2008
Bless you Hans! I've been trying to figure this out for a while now. I did not know that idmap_nss existed!
> -----Original Message-----
> From: samba-bounces+mikes=hartwellcorp.com at lists.samba.org
> [mailto:samba-bounces+mikes=hartwellcorp.com at lists.samba.org]
> On Behalf Of Hansjörg Maurer
> Sent: Wednesday, January 23, 2008 5:20 AM
> To: Nigel.Pain at scotland.gsi.gov.uk
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Retry: Mapping AD domain users to UNIX users
>
> Hi
>
> with recent (< =3.0.26 I think) samba Versions it is possible to use
>
> http://us3.samba.org/samba/docs/man/manpages-3/idmap_nss.8.html
>
> idmap domains = DOMNAME
> idmap config DOMNAME:backend = nss
> idmap config DOMNAME:readonly = yes
>
> in our case.
>
> We are running 3.0.28 in security = ADS,
> and Linux gets the same usernames from NIS vis nss.
>
> They are correctly mapped , and zhe windows security dialog shows
> DOMNAME\username
>
> Regards
>
> Hansjörg
>
>
>
>
> Nigel.Pain at scotland.gsi.gov.uk wrote:
> > Further information:
> >
> > Someone suggested that the problem might be because of the
> AD user names
> > being uppercase, which could be resolved with a usermap
> file. There are
> > some AD user IDs that are uppercase (whereas all the UNIX ones are
> > lowercase). However, I thought that the automatic mapping
> took care of
> > that? Also, I wanted to avoid having an explicit usermap
> file as that's
> > one extra thing to manage. Maybe I'm expecting too much of Samba?
> >
> > I tried configuring for a usermap file and adding an account mapping
> > into it. However, the security properties on the Windows side still
> > display the account in the form:
> >
> > u123456 (Unix User\u123456)
> >
> > Regards,
> > Nigel
> >
> > ----------------------------------------
> > Nigel Pain
> > The Scottish Government
> > Corporate Systems Support
> > Information Systems and Information Services (ISIS)
> > Victoria Quay
> > EDINBURGH
> > EH6 6QQ
> > UK
> >
> >
> > ********************************************************
> >
> > This e-mail (and any files or other attachments transmitted
> with it) is intended solely for the attention of the
> addressee(s). Unauthorised use, disclosure, storage, copying
> or distribution of any part of this e-mail is not permitted.
> If you are not the intended recipient please destroy the
> email, remove any copies from your system and inform the
> sender immediately by return.
> >
> >
> >
> > Communications with the Scottish Government may be
> monitored or recorded in order to secure the effective
> operation of the system and for other lawful purposes. The
> views or opinions contained within this e-mail may not
> necessarily reflect those of the Scottish Government.
> >
> > ********************************************************
> >
> >
> > The original of this email was scanned for viruses by the
> Government Secure Intranet virus scanning service supplied by
> Cable&Wireless in partnership with MessageLabs. (CCTM
> Certificate Number 2007/11/0032.) On leaving the GSi this
> email was certified virus free.
> > Communications via the GSi may be automatically logged,
> monitored and/or recorded for legal purposes.
> >
>
> --
> _________________________________________________________________
>
> Deutsches Zentrum fuer Luft- und Raumfahrt e.V.
> in der Helmholtz-Gemeinschaft
>
> Institut fuer Robotik und Mechatronik
>
> Dr. Hansjörg Maurer
>
> LAN- und Systemmanager
>
> Münchner Strasse 20
> 82234 Wessling
> Germany
>
> Telefon: 08153/28-2431
> Telefax: 08153/28-1134
>
> E-Mail: Hansjoerg.Maurer at dlr.de
> Internet: http://www.robotic.dlr.de/
>
> __________________________________________________________________
>
>
> There are 10 types of people in this world,
> those who understand binary and those who don't.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list