[Samba] Some Clarification?

Stuart Sheldon stu at actusa.net
Fri Apr 12 09:40:17 MDT 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi All,

I've been playing with Samba 4.0.x in the lab for about a week or so,
and have figured out a reasonable portion of the required settings to
also use the AD server as a Unix server. I do have some additional
questions regarding scaling that I have not found the answers to. I'm
hoping you good folks can steer me in the right direction, or confirm my
ideas of how this whole AD Controller thing works...

I'm using winbind for Unix authentication via PAM, and have configured
NSS to use winbind for passwd and group enumeration. Took me quite a
while to figure out that users would need to auth into kerberos before
winbind would return info to NSS. Someone might want to update the wiki
on that... I do have some questions though regarding winbind and idmaps
in 4.0.5:

We currently deploy OpenLDAP as our core user management platform. This
has allowed us to avoid the need for winbind and the whole 3.x issue of
idmaps varying between our Linux systems. I've been trying to figure out
if the whole idmap sync issue is solved in 4.0.x? Can I just use the
default smb.conf generated settings for winbind and idmap and still have
consistent mappings between different hosts? If not, how can I
accomplish this in 4.0.x?

One other thing I noticed, was that when the Windows AD tools are used
to create a user and home directory, the permissions are a bit funky...
If a user logs into the system via ssh or at the console, then are
unable to create files in their home directory. I resolved this by
setting the ACLs in the home root to give the desired permissions when
the user first logs in via console or ssh, but if the directory is
created by the Windows GUI, it basically locks out writes for the user
in their own home directory in a shell.  Is their any plan to correct
this in future releases?

That's it for now, I'm sure the answers will bring me back with more
questions.

Thanks to all who will respond...

Stu

Stuart Sheldon
ACT USA


- -- 
"Sometimes I lie awake at night and I ask, "Why me?", then a voice
answers "Nothing personal, your name just happened to come up."
              -- Charles M. Schulz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJRaCreAAoJEFKVLITDJSGSZ6cQAIrdUt/k47ZkKN1QWOi15I9n
+/WHVgeBxS77xcWT1AcHTuexYbfrpaNICE947CJkSqVokG1utoNdrX2VZNMC88QK
puvqGi2fo87IU8uxcUKGI9MD5+3fJzQ00JOMiSQQ4AuwCR+k6yAaCttdaVXY4Q1x
dY0ieYsuzzwrk/RpYMuMOLAhBTnXL6d4Eznlt+f43cxK3hD6LAjjMDLj6jabIHRc
BUk+6iUnSdNodMhC8VnuTtGif04J+W4POuONwQLCWfDm5RV2ohKnECjsicogOovB
eejxIa8QRYtDCzq7F95lntR8pk5TsamRuOvTw8luIHpoZ1txHJlhFRd72ecHdbnt
R5dHwk8W7UOkwIrQ663gI2OT8XFywSqNzMY2MEc3YyOeaWU3mC0qIWJakTxBdAHn
BMwV3rQijxCZvCAWDfUh8Bxw534fl9S1q2rxFK0AWB1tKr3ksy0GHQIu2zCQGD7E
ilfd8/wx4Ganq4jgCX+INui6DmF7by8y5LGF28Iaaf/t24SNESu5oX/GSMFfK2Sg
kB66J5GJbglBPw+aovI9yXClOP4CZNOI4n2xI2KpLRJ0b2X3lZZDmXExdgLFLWyp
RUFtBewgEb2it419qKSwbxFx1MU4OwlCbv7rez9fxr+r5Ii5WnAADwnSW/rYC97B
HwU0k6xly5I2+IH5x7aT
=1zJt
-----END PGP SIGNATURE-----

More information about the samba mailing list