[Samba] Active directory and winbind RID/SID to uid and gid maping
across several linux servers
Reece Dike
samba at erd3.com
Tue Mar 10 18:24:00 GMT 2009
We are using a windows server 2003 active directory as our single sign
on server. I have been able to get our RHEL4U6 servers to authenticate
with active directory.
My concern is that the RID mapping to unix uid/gid range (15000-20000)
is stored locally on each machine in a tdb database. So far all of the
servers have produced the same mapping, but I do not think it is
guarantied. I think the fact that I do a wbinfo -u and wbinfo -g as part
of the setup and there have been no users/groups added to active
directory has made the mappings the same. I know that the uid/gid are
not being store in active directory(I did a 'dsquery * -scope base
-attrib *' on my id in active directory). Is there any way to guaranty
the RID to uid/gid mapping across several servers?
Thanks,
Reece Dike
Here is my smb.conf
[global]
workgroup = MYDOMAIN
server string = Samba Server Version %v
security = ADS
password server = 68.216.162.90
realm = MYDOMAIN.COM
passdb backend = tdbsam
load printers = yes
cups options = raw
template shell = /bin/false
server signing = autos
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind enum groups = yes
winbind enum users = yes
winbind separator = +
winbind use default domain = no
template homedir = /homes/%D/%U
template shell = /bin/bash
[homes]
comment = Home Directories
browseable = no
writable = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
[usbshare]
comment = Backups and Stuff
path = /usbdrive
valid users = +"MYDOMAIN+Domain Users"
read only = no
More information about the samba
mailing list