[Samba] samba 4 userid mapping

Nick B nickninevah at gmail.com
Tue Jul 9 19:22:28 MDT 2013

Complete new user here.  Setting up my first samba configuration, using
samba 4.0.6 as a primary domain controller.  I have user profiles, network
shares, active directory, and domain controller working.  But I cannot
understand how to map windows userid to linux userid (and map groupid as
well).  I am struggling because much of the documentation is outdated and
meant for samba 3.x or targeted for samba as a domain member.  I followed
some documentation to try the userid mapping through active directory, but
that required Microsoft services for Unix 3.5, which will not install on 64
versions of MS.  I find myself without any orientation of how to proceed.

I am suffering from documentation overload, much of it contradictory or not
applicable.  I am not even sure how to use winbind, or if that is required
for my situation.  I really need a simple step-by-step howto that is
specific to samba 4 as a PDC.  If you want to reference documentation,
great, but please reference specific sections instead of whole general
chapters.  Any help greatly appreciated.  Thank you.

Configuration information follows:

OS:  OpenSuSE 12.1, 64 bit
Samba:  Samba 4.0.6
Configuration:  Primary domain controller with active directory support
Using BIND 9 DNS server

OS:  Windows 7 Professional, 64 bit

Samba configuration file

# Global parameters
[global]
workgroup = MYDOMAIN
netbios name = SERVER
wins support = Yes
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
encrypt passwords = yes

# Setup user maps
idmap config * : backend = tdb
idmap config * : range = 100000-199999
idmap config MYDOMAIN : backend = ad
idmap config MYDOMAIN : schema_mode = rfc2307
idmap config MYDOMAIN : range = 50000-99999
winbind nss info = rfc2307
winbind trusted domains only = No
winbind use default domain = Yes
winbind enum users = Yes
winbind enum groups = Yes

# Logon path tells samba where to put Windows roaming profiles
logon path = \\%h\profiles\%u

# Logon home is used to specify home directory and
# Windows 95/98/ME roaming profile location
logon home = \\%h\%u\.win_profiles

# Allow Samba to send correct time to windows
time server = Yes

# Set logging options
log file = /var/log/samba/log.odeon

# Shares configurations follows.  Not included for brevity . . .

