[Samba] Fwd: Can somebody explain the file ownership of a

Kosala Atapattu kosala.atapattu at gmail.com
Tue Jan 31 10:10:34 UTC 2017


Hi Rowland / All,

Thanx for all the support, and we finally resolved the problem. Here is
what worked out:

1. As Rowland suspected, the problem was the idmap. We're using KRB5LDAP
authentication, which is a NIS/NSS configuration. Our AD users ARE the OS
users, and they're are not defined in /etc/passwd.... however all the idmap
backends we tried map the wrong SID to UID/GID, which was causing the
problem.

2. However "idmap_nss" was intended for the same use case, although it's
poorly documentation, until we stumbled upon the option.
https://www.samba.org/samba/docs/man/manpages-3/idmap_nss.8.html

Now configuration works as expected.

Cheers,
Ko


*Kosala*



On Tue, Jan 31, 2017 at 9:56 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Tue, 31 Jan 2017 15:39:48 +1300
> Kosala Atapattu <kosala.atapattu at gmail.com> wrote:
>
> > Hi Rowland,
> >
> > Thanx for the response. For certain configurations idmap would be
> > suitable, in our case we cannot use idmap, as the OS users are AD
> > users, where UIDs and GIDs are mapped through Unix Attributes from AD
> > and Samba mix up the GID permissions with idmap from the tdb backend
> > end and map incorrect GIDs.
>
> Have you got Unix users with the same name as AD users ?
> If so, what you are trying to do will never work, you cannot have a
> user in /etc/passwd and AD.
>
> >
> > I do not think the problem we have is related to the IDMAP, in fact
> > the GIDs and UIDs are the same for Samba / AD and AIX since they'r
> > the same. Shares obey GID permisions and UID permissions, except that
> > shares need to be **world readable**, which is not ideal in our case.
> > We're unable to explain, why it's need to be world readable!!!
>
> An AIX Unix user != an AD user with the same name.
> i.e. the AIX user 'fred' is NOT the AD user 'fred'
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list