[Samba] Mapping UIDs on Linux to same UID as AD-bound Mac is mapping to

Rowland penny rpenny at samba.org
Tue Feb 16 09:59:53 UTC 2016


On 16/02/16 09:32, Brett Randall wrote:
> Hi all
>
>   
>
> I have a Linux machine bound to AD, and a Mac bound to AD. Both have me log
> in with different UIDs for the same AD user. This makes sense, as AD doesn't
> have a UNIX-compliant uid/gid attribute.

Well as far as Samba is concerned it does and if you add SFU or IDMU to 
windows AD, it also does, i.e. uidNumber & gidNumber

>   
>
> One thing I have found that interests me is this:
>
>   
>
> https://books.google.com.au/books?id=yNILCwAAQBAJ
> <https://books.google.com.au/books?id=yNILCwAAQBAJ&pg=PA111&lpg=PA111&dq=mac
> +%22active+directory%22+%22directory+utility%22+mappings+uid&source=bl&ots=s
> 0fMZSMr8r&sig=uuyWWE-jzlimQ9U49sZ3KRDAXvI&hl=en&sa=X&ved=0ahUKEwi_q9uL-PvKAh
> XBkpQKHWvDBFkQ6AEIWjAH#v=onepage&q=mac%20%22active%20directory%22%20%22direc
> tory%20utility%22%20mappings%20uid&f=false>
> &pg=PA111&lpg=PA111&dq=mac+%22active+directory%22+%22directory+utility%22+ma
> ppings+uid&source=bl&ots=s0fMZSMr8r&sig=uuyWWE-jzlimQ9U49sZ3KRDAXvI&hl=en&sa
> =X&ved=0ahUKEwi_q9uL-PvKAhXBkpQKHWvDBFkQ6AEIWjAH#v=onepage&q=mac%20%22active
> %20directory%22%20%22directory%20utility%22%20mappings%20uid&f=false
>
>   
>
> Specifically:
>
>   
>
> "...it is important that every system bound to Active Directory resolves the
> same unique ID for any respective user. To accomplish this, Apple uses the
> first 32 bytes of the user's GUID to generate a numerical value used as a
> statically mapped value for the OS X unique ID."
>
>   
>
> So, since the Linux Samba is the one using sequential UIDs where it
> generates a new UID each time a new user is identified, and the Mac is using
> somewhat AD-generated UIDs, my preference is to somehow make Linux Samba
> work the same way that Apple generates UIDs.

Whilst something like this may happen sometime in the future, at the 
moment it doesn't. If you have a mixture of windows, mac and linux 
machines, you need to use RFC2307 attributes. There is a specific mac 
vfs module available for samba that may help you, this is vfs_fruit, 
never used it myself, but I am assured it helps.

>
>   
>
> Has anyone done this? Surely it's a simple formula to generate the same UID
> on Linux, but how would one make Samba use this? I've looked at the idmap
> attributes in smb.conf(5) and can't figure out where to start.

Have you tried reading the Samba wiki ?

See here: https://wiki.samba.org/index.php/Main_Page

Rowland

>   
>
> Thanks in advance
>
>   
>
> Brett
>




More information about the samba mailing list