[Samba] ID mapping

Rowland Penny rowlandpenny at googlemail.com
Wed Apr 16 12:55:13 MDT 2014


On 16/04/14 19:12, Williams, Jeff wrote:
> [global]
>
>    workgroup = DACCSTU
>    netbios name = STUDENTS
>    server string = Student file server
>    security = user
>    encrypt passwords = yes
>    local master = yes
>    os level = 33
>    domain master = yes
>    preferred master = yes
>    domain logons = yes
>
>    hosts allow = 192.168. 127.
>    socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>    hostname lookups = yes
>
>    printcap name = cups
>    load printers = yes
>    printing = cups
>
>    log file = /var/log/samba/log.%U
>    log level = 1
>    max log size = 50
>
>    passdb backend = ldapsam
>    ldap admin dn = "cn=xxx,o=students.dacc.edu"
>    ldap delete dn = no
>    ldap ssl = off
>    ldap suffix = o=students.dacc.edu
>    ldap passwd sync = yes
>    ldap user suffix = ou=Users
>    ldap group suffix = ou=Groups
>    ldap machine suffix = ou=Computers
>
>    passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
>    passwd program = /usr/local/sbin/smbldap-passwd %u
>
>    logon drive = H:
>    logon home = \\students\%U
>    logon path = \\students\Profiles\%U
>    logon script = logon.vbs
>
>    wins support = no
>    wins server = 192.168.1.5
>    wins proxy = no
>    dns proxy = no
>
>    add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
>
>    utmp = yes
>
>    dos filemode = yes
>
>    map archive = no
>    map hidden = no
>    map read only = no
>    map system = no
>    store dos attributes = yes
>
>    wide links = yes
>    unix extensions = no
>
>    idmap config * : backend = tdb
>    idmap config * : range = 1000-89000
>    idmap config DACCEMP : backend = rid
>    idmap config DACCEMP : range = 90000-99000
>    winbind enum users = no
>    winbind enum groups = no
>
> #============================ Share Definitions ==============================
> [homes]
>     comment = Home Directories
>     browseable = no
>     writable = yes
>     path = /home/students/%U
>
> [netlogon]
>     comment = Network Logon Service
>     path = /home/netlogon
>     guest ok = yes
>     writable = yes
>     write list = Administrator jeff
>     locking = no
>     public = yes
>     browseable = no
>     default case = lower
>     case sensitive = no
>     preserve case = yes
>     short preserve case = yes
>
> [Profiles]
>     path = /home/profiles
>     browseable = no
>     guest ok = yes
>     writeable = yes
>     read only = no
>     create mask = 0600
>     directory mask = 0700
>
>
OK, it would seem that you are running an NT4 PDC, with an LDAP backend, 
where no doubt you have uidNumbers & gidNumbers, so why are you 
using winbind to pull the users' info from LDAP?

It has been some time since I last set up a PDC, but I cannot remember 
adding all the idmap lines; in fact I seem to remember that the only 
idmap line was something like 'ldap idmap suffix = ou=idmap'.

You should probably also remove the 'socket options' line; it is, as 
described by one of the devs, voodoo and not required.

Rowland
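
The two points raised in this reply can be checked across many servers with a small script. The following is an added example, not code from the thread or from the Samba project (Samba's own validator is `testparm`); the function names are hypothetical and the sample is a constructed, trimmed copy of the quoted `[global]` section.

```python
import re

# Constructed sample: a trimmed copy of the [global] section quoted in the thread.
SAMPLE_CONF = r"""
[global]
   domain logons = yes
   socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   passdb backend = ldapsam
   idmap config * : backend = tdb
   idmap config * : range = 1000-89000
   idmap config DACCEMP : backend = rid
   idmap config DACCEMP : range = 90000-99000
[homes]
   path = /home/students/%U
"""

def norm(name):
    # smb.conf ignores case and whitespace in section and parameter names.
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: [(normalized_key, original_key, value), ...]}."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(norm(line[1:-1]), [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.append((norm(key), key.strip(), value.strip()))
    return sections

def review_pdc_globals(text):
    """Hypothetical helper: list the [global] lines the reply questions."""
    params = parse_smb_conf(text).get("global", [])
    last = {k: v.lower() for k, _, v in params}
    on_ldap_pdc = (last.get("domainlogons") in ("yes", "true", "1")
                   and last.get("passdbbackend", "").startswith("ldapsam"))
    findings = []
    for k, original, value in params:
        if k.startswith("idmapconfig") and on_ldap_pdc:
            findings.append(("idmap", f"{original} = {value}"))
        elif k == "socketoptions":
            findings.append(("socket options", f"{original} = {value}"))
    return findings

if __name__ == "__main__":
    for kind, line in review_pdc_globals(SAMPLE_CONF):
        print(f"review [{kind}]: {line}")
```

The idmap lines are only reported when the file also sets `domain logons = yes` with an `ldapsam` passdb backend, which is the situation the reply describes.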