[Samba] User and Group mapping
gaiseric.vandal at gmail.com
Wed Jan 13 15:14:10 MST 2010

On the PDC, both the unix and samba account info is on that machine.
The samba user info includes which is the local unix user. On the
member server, the samba account info is pulled from the PDC. Which
means that even if both unix machines have identical unix accounts (e.g.
the same /etc/passwd and /etc/group file, or use NIS, NIS+ or LDAP)
winbind ignores this. Your member machine probably has an idmap
range - so that samba can assign unix uids and gids for the "foreign"
samba accounts. (Even though you would think this isn't necessary.)

I found this wasn't so much a problem if most of the permission
management was handled on the unix level - but the moment you started
setting perms in windows the "rob 1000" and "rob 10020" became a
problem. This bugged me for years.

My first workaround was to use LDAP for the IDMAP backend and then
manually edit the uid and gid fields in the idmap entries to match the
unix ones. In the end, I changed everything to an ldap backend and
changed the member server to a BDC.

On 01/13/10 16:39, Robert Steinmetz wrote:
> I have two servers running Samba, one as a Domain Controller one as a
> Member Server. Both are running Ubuntu 8.10 and running smbd, nmbd and
> winbindd using the tdb back end.
> I am having a problem understanding ID mapping. The mapping is not the
> same on both machines.
> On the Domain Controller
>> root at thelma:/etc/init.d# wbinfo -i 'ATLANTA\rob'
>> rob:*:1000:2003:Robert Steinmetz,,,:/home/ATLANTA/rob:/bin/false
>> root at thelma:/etc/init.d# wbinfo -i 'ATLANTA\trish'
> On the Member Server
>> root at louise:/etc/samba# wbinfo -i 'ATLANTA\rob'
>> root at louise:/etc/samba# wbinfo -i 'ATLANTA\trish'
> Note the different UID and GID
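
One way to check for the mismatch discussed in this thread, added here as an example and not part of either poster's message: it compares `wbinfo -i` output saved from the PDC and from the member server and lists accounts whose UID/GID differ. The captures are constructed; only rob's 1000/2003 on the PDC and the 10020 UID come from the thread, and the function names are hypothetical.

```python
"""Compare `wbinfo -i` output captured on two Samba hosts (added example)."""

# Constructed sample captures. Only rob's UID 1000 / GID 2003 on the PDC and
# the "rob 10020" UID come from the thread; every other value is made up.
PDC_CAPTURE = r"""
rob:*:1000:2003:Robert Steinmetz,,,:/home/ATLANTA/rob:/bin/false
trish:*:1001:2003:Trish,,,:/home/ATLANTA/trish:/bin/false
"""
MEMBER_CAPTURE = r"""
# constructed capture from the member server
ATLANTA\rob:*:10020:10005:Robert Steinmetz,,,:/home/ATLANTA/rob:/bin/false
trish:*:1001:2003:Trish,,,:/home/ATLANTA/trish:/bin/false
"""


def parse_capture(text):
    """Return {account: (uid, gid)} from passwd-style lines."""
    ids = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not (fields[2].isdigit() and fields[3].isdigit()):
            continue  # blank line, comment or error message, not an entry
        # Drop a DOMAIN\ prefix so both hosts' names compare equal.
        name = fields[0].rsplit("\\", 1)[-1].lower()
        ids[name] = (int(fields[2]), int(fields[3]))
    return ids


def idmap_drift(reference, other):
    """List accounts whose uid/gid differ, or that only one host resolves."""
    ref, oth = parse_capture(reference), parse_capture(other)
    findings = []
    for name in sorted(ref.keys() | oth.keys()):
        a, b = ref.get(name), oth.get(name)
        if a is None or b is None:
            findings.append((name, "missing", a, b))
        elif a != b:
            findings.append((name, "mismatch", a, b))
    return findings


if __name__ == "__main__":
    for name, kind, pdc, member in idmap_drift(PDC_CAPTURE, MEMBER_CAPTURE):
        print(f"{name}: {kind} PDC={pdc} member={member}")
```

Any account reported as a mismatch will own files under one number on the PDC and a different one on the member server, which is where permissions set from Windows stop lining up with the unix ones.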