[Samba] winbind using active directory's unix attributes
ORTEGA DOMINGUEZ, GONZALO
gonzalo.ortega at aernnova.com
Thu Nov 20 07:39:18 MST 2014
Hi,
I’m using samba 3.5.8 on AIX .
Windows users can authenticate on my linux servers configured as ldap clients with Windows AD servers configured with Identity for Unix, so what I want is use ldap unix attributes sid and gid so I can keep the same permissions on all servers (AIX + Linux).
I’m testing this configuration right now :
idmap backend = tdb
idmap config DOMAIN : backend = ad
idmap config DOMAIN : range = 65536-999999999
idmap config DOMAIN : schema_mode = rfc2307
and it looks it works , I see on the aix server file’s permissions set with user’s AD unix attributes ( uid and gid )and when I access the file from windows I see the permission with the window user name.
thanks !
Gonzalo Ortega
From: Jakub Kulesza [mailto:jakkul at gmail.com]
Sent: Thursday, November 20, 2014 10:16 AM
To: ORTEGA DOMINGUEZ, GONZALO
Cc: samba at lists.samba.org
Subject: Re: [Samba] winbind using active directory's unix attributes
I had similar problem on a server that needed proper PAM to verify users for postgreSQL users. What I did, was setting up openldap working as a proxy for Samba4 internal LDAP and nss_ldap as a pam plugin.
https://wiki.samba.org/index.php/Authenticating_other_services_against_AD this is relevant.
What version of samba do you use? Can you post your smb.conf? Dou you have acl and user_xattr enabled on your filesystem?
2014-11-19 9:07 GMT+01:00 ORTEGA DOMINGUEZ, GONZALO <gonzalo.ortega at aernnova.com>:
We have Windows AD configured with identity for Unix so windows users
have their uid and gid set in the unix attributes tab of the Active
directory.
Aix server is joined to the AD successfully.
How can you make that Samba (winbind) uses Windows user's uid and gid
set in the active directory's unix attributes tab?
I have tested several configurations but when I set permissions in samba
shares from windows clients in the aix server I can not get to set the
uid and gid configure in the active directory's unix attributes tab.
Gonzalo Ortega
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
Pozdrawiam
Jakub Kulesza
More information about the samba
mailing list