[Samba] ID mapping
Rowland Penny
rowlandpenny at googlemail.com
Wed Apr 16 12:55:13 MDT 2014
On 16/04/14 19:12, Williams, Jeff wrote:
> [global]
>
> workgroup = DACCSTU
> netbios name = STUDENTS
> server string = Student file server
> security = user
> encrypt passwords = yes
> local master = yes
> os level = 33
> domain master = yes
> preferred master = yes
> domain logons = yes
>
> hosts allow = 192.168. 127.
> socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> hostname lookups = yes
>
> printcap name = cups
> load printers = yes
> printing = cups
>
> log file = /var/log/samba/log.%U
> log level = 1
> max log size = 50
>
> passdb backend = ldapsam
> ldap admin dn = "cn=xxx,o=students.dacc.edu"
> ldap delete dn = no
> ldap ssl = off
> ldap suffix = o=students.dacc.edu
> ldap passwd sync = yes
> ldap user suffix = ou=Users
> ldap group suffix = ou=Groups
> ldap machine suffix = ou=Computers
>
> passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
> passwd program = /usr/local/sbin/smbldap-passwd %u
>
> logon drive = H:
> logon home = \\students\%U
> logon path = \\students\Profiles\%U
> logon script = logon.vbs
>
> wins support = no
> wins server = 192.168.1.5
> wins proxy = no
> dns proxy = no
>
> add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
>
> utmp = yes
>
> dos filemode = yes
>
> map archive = no
> map hidden = no
> map read only = no
> map system = no
> store dos attributes = yes
>
> wide links = yes
> unix extensions = no
>
> idmap config * : backend = tdb
> idmap config * : range = 1000-89000
> idmap config DACCEMP : backend = rid
> idmap config DACCEMP : range = 90000-99000
> winbind enum users = no
> winbind enum groups = no
>
> #============================ Share Definitions ==============================
> [homes]
> comment = Home Directories
> browseable = no
> writable = yes
> path = /home/students/%U
>
> [netlogon]
> comment = Network Logon Service
> path = /home/netlogon
> guest ok = yes
> writable = yes
> write list = Administrator jeff
> locking = no
> public = yes
> browseable = no
> default case = lower
> case sensitive = no
> preserve case = yes
> short preserve case = yes
>
> [Profiles]
> path = /home/profiles
> browseable = no
> guest ok = yes
> writeable = yes
> read only = no
> create mask = 0600
> directory mask = 0700
>
>
OK, it would seem that you are running an NT4 PDC, with an LDAP backend,
where no doubt you have uidNumbers & gidNumbers, so why are you
using winbind to pull the users' info from LDAP ??
It has been some time since I last set up a PDC, but I cannot remember
adding all the idmap lines, in fact I seem to remember that the only
idmap line was something like 'ldap idmap suffix = ou=idmap'
You should probably also remove the 'socket options' line, it is, as
described by one of the devs, voodoo and not required.
Rowland