[Samba] Samba domain member server using only nss ldap
Alex Domoradov
alex.hha at gmail.com
Wed Feb 15 08:21:29 MST 2012
I have an NT4-style domain on samba-3.x integrated with LDAP. I need to use
domain users in the share permissions.
On the domain member server I have the following smb.conf:
# Member-server configuration: joins workgroup W3 with "security = domain",
# printing disabled, identity mapping configured against LDAP on pdc.w3.lan.
[global]
workgroup = W3
server string = File server
netbios name = FS1
security = domain
load printers = no
show add printer wizard = no
printcap name = /dev/null
disable spoolss = yes
log file = /var/log/samba/samba.log
max log size = 50000
encrypt passwords = yes
# NOTE(review): per smb.conf(5) this option makes winbindd reuse the UNIX
# accounts already provided through nss for users of the hosting domain
# instead of allocating new ids, and the man page marks it as deprecated in
# favour of the idmap_nss backend. It is combined here with an LDAP idmap
# backend that has its own allocation range - confirm which of the two is
# meant to own the mapping, since two id sources give inconsistent ownership.
winbind trusted domains only = yes
# Winbind idmap: mappings kept under ou=idmap on the PDC's LDAP server,
# uids/gids allocated from 50000-500000.
idmap backend = ldap:"ldap://pdc.w3.lan/"
ldap idmap suffix = ou=idmap
idmap uid = 50000-500000
idmap gid = 50000-500000
# NOTE(review): ldapsam:* options belong to the ldapsam passdb backend; no
# "passdb backend" line is visible in this config - confirm they have any
# effect on this member server.
ldapsam:trusted = yes
ldapsam:editposix = yes
ldap suffix = dc=w3,dc=lan
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
# NOTE(review): with "ldap ssl = no" and an ldap:// URI the connection to the
# directory is not TLS-protected, so the bind as the admin DN and all idmap
# traffic cross the network in cleartext. Prefer "ldap ssl = start tls" (or an
# ldaps:// URI). cn=root looks like the directory's root DN - a member server
# is better served by a bind DN restricted to the idmap subtree; confirm ACLs.
ldap admin dn = "cn=root,dc=w3,dc=lan"
ldap ssl = no
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
enable privileges = yes
# Browser-election settings: this host never becomes a master browser and
# does not serve domain logons.
os level = 8
local master = no
domain master = no
preferred master = no
domain logons = no
wins server = 192.168.210.104
dns proxy = yes
# Authentication hardening: NTLMv2 for outbound client authentication,
# plaintext and LANMAN disabled.
client ntlmv2 auth = yes
client plaintext auth = no
lanman auth = no
lm announce = no
deadtime = 15
display charset = utf8
unix charset = utf8
dos charset = cp866
log level = 3
host msdfs = no
[Test]
comment = Test
path = /data/production/Test/
# NOTE(review): "public" is a synonym for "guest ok", and the two lines carry
# opposite values. The later line (guest ok = no) should be the one in effect,
# i.e. no guest access; dropping "public = yes" makes that unambiguous.
public = yes
guest ok = no
# Access and write access limited to members of the group W3\w3-nssldap.
valid users = @W3\w3-nssldap
write list = @W3\w3-nssldap
browseable = yes
# NOTE(review): "create mode" / "directory mode" are synonyms for
# "create mask" / "directory mask", so "create mode = 0770" is overridden by
# "create mask = 0660" further down. "force create mode = 0770" is ORed into
# every new file's mode, so files still end up rwxrwx--- (execute bits set)
# regardless of the 0660 mask - use 0660 there if files should not be
# executable.
force create mode = 0770
create mode = 0770
force directory mode = 0770
directory mode = 0770
create mask = 0660
directory mask = 0770
# NOTE(review): the directory listing later in this post shows gid 321909,
# which lies inside the idmap gid range above rather than the nss gid of
# w3-nssldap - this suggests the forced group is resolved through winbind's
# idmap, not nss ldap; verify against the log at log level 3.
force group = @W3\w3-nssldap
# cat /etc/nsswitch.conf | grep ldap
passwd: files ldap
shadow: files ldap
group: files ldap
When I create any folder in the share Test, I get the following uid/gid:
# ls -l
total 4
drwxrwx--- 2 nssldap 321909 4096 Feb 15 17:00 test
# ls -ln
total 4
drwxrwx--- 2 1890 321909 4096 Feb 15 17:00 test
# getent group | grep ^w3-nssldap
w3-nssldap:*:1354:nssldap
# id nssldap
uid=1890(nssldap) gid=1354(w3-nssldap) groups=1354(w3-nssldap),513(Domain
Users)
# wbinfo --name-to-sid=nssldap
S-1-5-21-250625134-237382211-2379110221-4780 SID_USER (1)
# wbinfo --sid-to-uid=S-1-5-21-250625134-237382211-2379110221-4780
50290
It seems that Samba gets the uid from LDAP and the gid from winbind. So my
question is: is it possible to use only nss ldap on a domain member server
for mapping uid/gid?