[Samba] Samba 4 problems

Brett Wynkoop wynkoop+samba at wynn.com
Fri Dec 19 02:06:18 MST 2014


On Fri, 19 Dec 2014 09:17:25 +0100
Tim <rintimtim at gmx.net> wrote:

> I think Rowland meant to use rfc2307 attributes in your domain.
> Therefore it is needed to provision your domain with --use-rfc2307
> parameter. When you have done this the schema doesn't need to be
> extended.

Hmmm, well, I used rfc2307 on one of my previous attempts, but still saw no
way to set the UIDs to what I wanted them to be.  They were something
like 5 or 6 digit numbers.

So is there a way to force a particular UID, meaning can I create
account smith with UID 553 in a Samba DC?

My plan is after I figure this out to script the process and
feed /etc/passwd into the AD.

At the moment I do not have an MS-Windows box here yet, so I cannot
check what is shown in an MS-Windows control panel.

This task is in preparation for the arrival of a small flock of
ms-windows boxes that are coming in for a special project, but they
need to be integrated with the existing network of FreeBSD, Solaris,
GNU/Linux and Mac OSX boxes, all of which are using NIS and NFS.  Since
they can all authenticate against LDAP and Kerberos (AKA AD) my plan is
to just move over to AD on a samba box, but if a user is on a
Windows box I need him to have the same UID on created files as if he
was on a Unix box.

Did I miss something with smbpasswd or pdbedit where I can set specific
UID just like I can by editing /etc/passwd?


Here is something interesting.....

root@prd2:/home/wynkoop # pdbedit -L | grep wynkoop
wynkoop:34:
root@prd2:/home/wynkoop # 

root@prd2:/home/wynkoop # id wynkoop
uid=34(wynkoop) gid=34(wynkoop) groups=34(wynkoop),0(wheel),80(www)
root@prd2:/home/wynkoop # 


root@prd2:/home/wynkoop # pdbedit -Lv wynkoop

(config output snipped)

ldb_wrap open of idmap.ldb
Home server: prd2
Home server: prd2
Unix username:        wynkoop
NT username:          
Account Flags:        [U          ]
User SID:             S-1-5-21-3503051414-2097048719-4239445089-1105
Primary Group SID:    S-1-5-21-3503051414-2097048719-4239445089-513
Full Name:            
Home Directory:       
HomeDir Drive:        (null)
Logon Script:         
Profile Path:         
Domain:               
Account desc:         
Workstations:         
Munged dial:          
Logon time:           0
Logoff time:          0
Kickoff time:         never
Password last set:    Mon, 15 Dec 2014 15:17:39 EST
Password can change:  Mon, 15 Dec 2014 15:17:39 EST
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Nowhere in the verbose output do I see 34, and then we have this:

root@prd2:/archive/test # ls -l
total 1
-rw-r--r--  1 3000014  wheel  236 Dec 19 03:50 hosts
root@prd2:/archive/test # 


Hosts was transferred into that directory using smbclient from another
box and as you can see the owner is a user that does not exist on the
system.  How the heck did it come up with a UID of  3000014?

So I think I am getting more confused as things go along.  I have a
mind to deinstall everything, remove all the database files and try
again from scratch, but that still leaves the burning question how do I
do something like this:

root@prd2:/archive/test # adduser
Username: bew
Full name: B^C
root@prd2:/archive/test # adduser
Username: example
Full name: Ex Ample
Uid (Leave empty for default): 554
Login group [example]: 
Login group is example. Invite example into other groups? []: 


with Samba.  I suppose I could drop back to samba 2 or 3, or run in
legacy mode, but that is not what I would consider optimal.

Thanks!

-Brett


-- 

wynkoop at wynn.com               http://prd4.wynn.com/wynkoop/pgp-keys.txt
917-642-6925
929-272-0000

A free people ought to be armed. - George Washington


