[Samba] Consistent Inter-Samba UID/GID Mappings

chris.hayes at proporta.com chris.hayes at proporta.com
Mon Jul 29 17:36:52 MDT 2013


Hi everyone,

I'm trying to ensure my various Samba3 fileservers have consistent 
Samba User/Group -> Linux UID/GID mappings between them. The domain is 
controlled by a Samba4 DC.

Samba3 is used because it's maintained in the distributions that we 
have deployed already.

I believe that using Winbind with idmap_rid is probably the easiest way 
to accomplish this, however I have had no luck with this after spending 
hours trying different configurations. And after searching online, it 
appeared that several people have suggested that this idmap backend no 
longer works in 3.6, and that explicitly stored mappings (via RFC2307 / 
SFU) is now considered the appropriate way to do what I'm wanting.

Can anyone confirm this?

In an attempt to implement RFC2307 in the Samba directory, I rebuilt my 
test domain (Samba4) using the --use-rfc2307 option in the samba-tool 
domain provision command.

"The --use-rfc2307 option enables your Samba AD automatically to store 
posix attributes."
  -- 
https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Provisioning_Samba_.28Setting_up_a_new_domain.29

This sounded like it would work perfectly for my needs. However it 
doesn't. I'd hoped that it would ensure that any new user or group is 
automagically assigned a uidNumber or gidNumber, etc. Currently I'm 
using RSAT to administer the directory.

I'm rather hoping that someone can point out something important that 
I've not realised. Any information would be enthusiastically received. 
I'll update this with further information tomorrow (Samba versions -- I 
believe that the DC is 4.0.6 and the fileserver 3.6.3).

Thanks for your time.
Chris


More information about the samba mailing list