[Samba] making manual idmap mapping

Rowland Penny rpenny at samba.org
Wed Sep 28 13:57:07 UTC 2016

On Wed, 28 Sep 2016 09:07:55 -0400 (EDT)
Paul Raines via samba <samba at lists.samba.org> wrote:

> I am being forced by the upper management to tie our Linux system
> logins to the corporate Windows Active Directory accounts. The
> problem is our UNIX accounts do not match our corporate AD
> accounts in either name or underlying UID.  For just plain
> Linux login I solved this issue using OpenLDAP with SASL PassThru
> so I can set my 'raines' user password in LDAP to be "{SASL}per2"
> where per2 is my corporate account.
> This does not help though with SAMBA.  I was hoping there was a way
> to use samba idmap/winbind such that when someone logins into samba
> on one of my Linux boxes configures to use our corporate AD realm
> with say the 'per2' account it remaps that user to 'raines' in
> file operations on the box.  Is there a way to do this with the
> idmap ldap backend by manually editting each user record there
> with the right mapping?  I can find no examples of this.

Read the 'username map' portion of 'man smb.conf'


More information about the samba mailing list