[Samba] Shares not accessible when using FQDN
Gaetan SLONGO
gslongo at it-optics.com
Wed Aug 30 09:25:04 UTC 2017
Rowland,
Yes, I mean uidNumber and gidNumber.
I'm aware I need to work with AD but at this time I need my unix IDs (on NSS) to keep services working. Not only for files ownership, but also for some other services. Yeah, that's complex...
If I understand well, the best way to do is to join the server using "net ads join" and use nss_winbind. This is what I do but I only use the NSS LDAP backend instead of NSS (to keep correct ownership).
This will be cleaned in the future (within next migration steps) but for now I think I have no other choice because it seems I cannot obtain unix IDs through Winbind on a domain member (or maybe I missed the solution??).
Thanks
----- Original Message -----
From: "Rowland Penny via samba" <samba at lists.samba.org>
To: samba at lists.samba.org
Sent: Wednesday 30 August 2017 11:00:18
Subject: Re: [Samba] Shares not accessible when using FQDN
On Wed, 30 Aug 2017 10:43:39 +0200 (CEST)
Gaetan SLONGO <gslongo at it-optics.com> wrote:
> Hi Rowland,
>
>
> Thank you for your answer.
> I think I have found a solution which could solve the issue until the
> next migration step. I tested it on another server which is not
> critical :
>
>
>
>
> * Joining the server as a member and setup the shares as you
> suggest
> * Use nss_ldap instead of nss_winbind (idmap) which will pick my
> unix ids
Well 'nss_ldap' is not supported by Samba and normally anything that it
can do, can also be done by winbind. What I am wondering about is what
you are calling 'unix ids', where are these coming from ? are they
from 'uidNumber' & 'gidNumber' attributes stored in AD or
from /etc/passwd & /etc/group ?
If the latter, are you aware that you cannot have a user with the same
name in AD and /etc/passwd.
I think you may be trying to 'bend' AD to fit in with the old way
Samba worked as a PDC or standalone, this is doomed to ultimate
failure in my opinion. You need to work with AD, this will make things
easier in the long run.
>
>
> In this setup it seems I can access to the shares with any DNS
> aliases/CNAME
You should be able to do this using winbind.
>
>
> I know it is not a very proper setup but it seems to work and we can
> do it quickly
Yes, but will it be reliable in the long run ?
Rowland