[Samba] making manual idmap mapping

Paul Raines raines at nmr.mgh.harvard.edu
Wed Sep 28 13:07:55 UTC 2016

I am being forced by the upper management to tie our Linux system
logins to the corporate Windows Active Directory accounts. The
problem is our UNIX accounts do not match our corporate AD
accounts in either name or underlying UID.  For just plain
Linux login I solved this issue using OpenLDAP with SASL PassThru
so I can set my 'raines' user password in LDAP to be "{SASL}per2"
where per2 is my corporate account.

This does not help though with SAMBA.  I was hoping there was a way
to use samba idmap/winbind such that when someone logins into samba
on one of my Linux boxes configures to use our corporate AD realm
with say the 'per2' account it remaps that user to 'raines' in
file operations on the box.  Is there a way to do this with the
idmap ldap backend by manually editting each user record there
with the right mapping?  I can find no examples of this.

Paul Raines                     http://help.nmr.mgh.harvard.edu
MGH/MIT/HMS Athinoula A. Martinos Center for Biomedical Imaging
149 (2301) 13th Street     Charlestown, MA 02129	    USA

More information about the samba mailing list