[Samba] Linux domain member server: Win group does not map to UNIX group

Cal Sawyer cal-s at blue-bolt.com
Fri Jun 15 08:12:38 MDT 2012


Hi, all

I've installed Version 3.5.10-0.109.el5_8 from the samba3x RPM for Win7
compatibility.  We are predominately a Linux shop and have only a
handful of Win7 (Pro/Ultimate) dual-boot workstations for running things
like Photoshop, etc.

We run a fairly minimal LDAP backend for Linux auth/automount (no SASL
backend) and have not implemented a full Samba schema - I am waiting to
build an OpenLDAP 2.4 server with bells+whistles later and will
integrate Samba account mgmt into that.  Don't want to kill off our
mission-critical auth system.

The PDC makes use of LDAP groups/users available to it without any
problem, and then I create corresponding tdbsam users for Windows access
and added mappings between LDAP and Windows domain groups with "net
groupmap add ntgroup".

The PDC also currently houses users' nethomes, which we share out. 
Anything created by a user under Windows in their homedir has correct
user/group permissions under Linux.  Nice.

However, on a domain member server sharing out production data, I am
unable to pick up the LDAP GID (UID is OK), so when viewed from the
Linux CLI, users' files/dirs are owned by [user] : "domain user",
instead of the mapped group.

Here's what i have tried on the member server:

- added the same net groupmap mappings as exist on the PDC
- disabled winbind (didn't seem to be doing any good)
- implemented idmap backend = nss with
    idmap config DOMAIN : backend  = nss
    idmap config DOMAIN : range = 1100-9999

but no luck.  If anyone can point me succinctly in the right direction,
I would surely appreciate it.

regards,

-- 
csawyer
