[Samba] help needed about SID to UID/GID mapping
Thomas Nau
Thomas.Nau at uni-ulm.de
Wed Apr 6 13:05:39 MDT 2011
Dear all
I need some advise with respect to SID/UID/GID mapping.
The server runs Samba 3.5.8 as a member of an AD (w2k8)
domain. Our UNIX UIDs are taken from the 1000-60000 range
with about 10000 allocated accounts. 99% of user IDs
exist in AD with the same name. For that reason we rely
on the "nss" idmap backend which is non-allocating.
The problem comes with the group mappings. Several UNIX
groups exist on the AD side but with different names. E.g.
kizinfra versus "Abteilung Infrastrktur"
so the "nss" backend cannot map the AD group SIDs to
GIDs and vice versa.
Is there any way to create a static mapping table for groups?
Tried "wbinfo --set-gid-mapping gid,sid" as well as "net groupmap"
but it didn't work. Replacing the "nss" backend by "tdb"
allocates new GID/UIDs but how would I make sure that
existing ones are mapped correctly given the above mentioned
name "conflicts".
Looking at the manpages I also got the impression that
I could use both an non-allocating backend and a allocating
as fallback but I also didn't manage to get it working.
Any hints are greatly appreciated!
Thomas
More information about the samba
mailing list