[Samba] winbind using active directory's unix attributes

ORTEGA DOMINGUEZ, GONZALO gonzalo.ortega at aernnova.com
Thu Nov 20 07:39:18 MST 2014



I’m using Samba 3.5.8 on AIX.

Windows users can authenticate on my Linux servers configured as LDAP clients with Windows AD servers configured with Identity for Unix, so what I want is to use the LDAP Unix attributes sid and gid so I can keep the same permissions on all servers (AIX + Linux).

I’m testing this configuration right now:


        idmap backend = tdb
        idmap config DOMAIN : backend  = ad
        idmap config DOMAIN : range = 65536-999999999
        idmap config DOMAIN : schema_mode = rfc2307


and it looks like it works: on the AIX server I see the file’s permissions set with the user’s AD Unix attributes (uid and gid), and when I access the file from Windows I see the permission with the Windows user name.


Thanks!


Gonzalo Ortega 
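
An added example, not part of the original thread: with the `ad` backend the `range` acts as a filter, so an account whose uidNumber or gidNumber in AD falls outside it (or is unset) gets no mapping and its file ownership will not match the other servers. The sketch below parses the idmap lines from the message and audits a set of accounts against the range; the account names and numbers are constructed sample data, and `parse_idmap` and `audit` are hypothetical helper names.

```python
import re

# idmap lines copied from the message above.
SMB_CONF = """
        idmap backend = tdb
        idmap config DOMAIN : backend  = ad
        idmap config DOMAIN : range = 65536-999999999
        idmap config DOMAIN : schema_mode = rfc2307
"""

# Constructed sample accounts (not from the thread): name -> (uidNumber, gidNumber)
SAMPLE_AD_USERS = {
    "alice": (70001, 70000),
    "bob": (1001, 70000),    # uidNumber below the configured range
    "carol": (70003, 100),   # gidNumber below the configured range
    "dave": (None, None),    # Unix attributes never filled in
}

IDMAP_RE = re.compile(r"^\s*idmap\s+config\s+(.+?)\s*:\s*(.+?)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf):
    """Return {domain: {option: value}} for each 'idmap config' line."""
    domains = {}
    for line in conf.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue  # smb.conf comment line
        m = IDMAP_RE.match(line)
        if m:
            domain, option, value = m.groups()
            domains.setdefault(domain, {})[option.lower()] = value
    return domains

def audit(conf, users, domain):
    """Return {user: [problems]} for accounts the ad backend would not map."""
    opts = parse_idmap(conf).get(domain, {})
    if opts.get("backend") != "ad":
        raise ValueError(f"{domain} is not configured with the ad backend")
    low, high = (int(x) for x in opts["range"].split("-"))
    findings = {}
    for name, (uid, gid) in users.items():
        problems = []
        for attr, value in (("uidNumber", uid), ("gidNumber", gid)):
            if value is None:
                problems.append(f"{attr} not set")
            elif not low <= value <= high:
                problems.append(f"{attr} {value} outside {low}-{high}")
        if problems:
            findings[name] = problems
    return findings

if __name__ == "__main__":
    for user, problems in audit(SMB_CONF, SAMPLE_AD_USERS, "DOMAIN").items():
        print(user, "->", "; ".join(problems))
```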


From: Jakub Kulesza [mailto:jakkul at gmail.com] 
Sent: Thursday, November 20, 2014 10:16 AM
Cc: samba at lists.samba.org
Subject: Re: [Samba] winbind using active directory's unix attributes


I had a similar problem on a server that needed proper PAM to verify users for PostgreSQL users. What I did was set up OpenLDAP working as a proxy for the Samba4 internal LDAP and nss_ldap as a PAM plugin.

https://wiki.samba.org/index.php/Authenticating_other_services_against_AD this is relevant. 

What version of Samba do you use? Can you post your smb.conf? Do you have acl and user_xattr enabled on your filesystem?


2014-11-19 9:07 GMT+01:00 ORTEGA DOMINGUEZ, GONZALO <gonzalo.ortega at aernnova.com>:

We have Windows AD configured with Identity for Unix so Windows users
have their uid and gid set in the unix attributes tab of the Active

The AIX server is joined to the AD successfully.

How can you make Samba (winbind) use the Windows user's uid and gid
set in the Active Directory's Unix attributes tab?

I have tested several configurations, but when I set permissions in Samba
shares from Windows clients on the AIX server I cannot get it to set the
uid and gid configured in the Active Directory's Unix attributes tab.

Gonzalo Ortega


Jakub Kulesza