[Samba] Fwd: Can somebody explain the file ownership of a

Kosala Atapattu kosala.atapattu at gmail.com
Tue Jan 31 02:39:48 UTC 2017


Hi Rowland,

Thanks for the response. For certain configurations idmap would be suitable;
in our case we cannot use idmap, as the OS users are AD users, where UIDs
and GIDs are mapped through Unix Attributes from AD, and Samba mixes up the
GID permissions with idmap from the tdb backend and maps incorrect GIDs.

I do not think the problem we have is related to the IDMAP; in fact the
GIDs and UIDs are the same for Samba / AD and AIX since they're the same.
Shares obey GID permissions and UID permissions, except that shares need to
be **world readable**, which is not ideal in our case. We're unable to
explain why it needs to be world readable!!!

Ko


*Kosala*



On Tue, Jan 31, 2017 at 10:48 AM, Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Tue, 31 Jan 2017 10:22:35 +1300
> Kosala Atapattu via samba <samba at lists.samba.org> wrote:
>
> > Hi All,
> >
> > We're implementing a fully integrated Samba setup with Active
> > Directory on IBM AIX. At the AIX level we have established single
> > sign-on against Windows AD 2012R2. Currently the following user
> > accounts and groups exist on the AD domain.
> >
> > # cat /etc/samba/smb.conf
> > [global]
> >         security = ADS
> >         workgroup = PAPERCLIP
> >         realm = PAPERCLIP.SC.NZ
> >         netbios name = UNIX732
> >         log file = /var/log/samba/%m.log
> >         log level = 5
> >         kerberos method = secrets and keytab
> >
> > [Bio]
> >         comment = Bio
> >         path = /test/bio/
> >         valid users = @PAPERCLIP\bio2
> >         writable = yes
> >         read only = no
> >         force create mode = 0660
> >         create mask = 0777
> >         directory mask = 0777
> >         force directory mode = 0770
> >
>
> I have never used AIX, but I would still expect to see something like
> this in smb.conf:
>
>     idmap config *:backend = tdb
>     idmap config *:range = 2000-9999
>
> And this:
>
>     idmap config PAPERCLIP : backend = ad
>     idmap config PAPERCLIP : schema_mode = rfc2307
>     idmap config PAPERCLIP : range = 10000-999999
>
> Or this:
>
>     idmap config PAPERCLIP : backend = rid
>     idmap config PAPERCLIP : range = 10000-999999
>
> I suggest you read this Samba wiki page:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
> Then come back with any questions you may have.
>
> Rowland
>
>
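
A check for the idmap lines the reply expects to see in smb.conf, as an added example that is not part of the original thread: it parses `[global]` and reports a missing backend or range for the default (`*`) domain and the workgroup domain, plus any overlapping ranges. The function names and sample text are constructed; using the workgroup as the idmap domain name and the rule that ranges must not overlap are assumptions taken from Samba's documentation, not from this thread.

```python
import re
from itertools import combinations

# Constructed sample: [global] from the post plus the idmap lines
# suggested in the reply (default domain + rfc2307 'ad' backend).
SAMPLE = """
[global]
        security = ADS
        workgroup = PAPERCLIP
        idmap config *:backend = tdb
        idmap config *:range = 2000-9999
        idmap config PAPERCLIP : backend = ad
        idmap config PAPERCLIP : schema_mode = rfc2307
        idmap config PAPERCLIP : range = 10000-999999
"""

def parse_global(text):
    """Return {key: value} for [global]; keys lose case and whitespace."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def check_idmap(text):
    """List problems with the idmap configuration of a domain member."""
    g = parse_global(text)
    domains = {"*", g.get("workgroup", "*").upper()}
    problems, ranges = [], {}
    for dom in sorted(domains):
        prefix = f"idmapconfig{dom.lower()}:"
        if prefix + "backend" not in g:
            problems.append(f"{dom}: no idmap backend")
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", g.get(prefix + "range", ""))
        if not m:
            problems.append(f"{dom}: no idmap range")
        else:
            ranges[dom] = (int(m.group(1)), int(m.group(2)))
    for a, b in combinations(sorted(ranges), 2):
        if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
            problems.append(f"{a} and {b}: idmap ranges overlap")
    return problems
```

The parser does not follow `include` directives or line continuations; on a live system `testparm` shows the configuration as Samba itself reads it.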

