[Samba] Fwd: Can somebody explain the file ownership of a
kosala.atapattu at gmail.com
Tue Jan 31 10:10:34 UTC 2017
Hi Rowland / All,
Thanx for all the support, and we finally resolved the problem. Here is
what worked out:
1. As Rowland suspected, the problem was the idmap. We're using KRB5LDAP
authentication, which is a NIS/NSS configuration. Our AD users ARE the OS
users, and they're are not defined in /etc/passwd.... however all the idmap
backends we tried map the wrong SID to UID/GID, which was causing the
2. However "idmap_nss" was intended for the same use case, although it's
poorly documentation, until we stumbled upon the option.
Now configuration works as expected.
On Tue, Jan 31, 2017 at 9:56 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Tue, 31 Jan 2017 15:39:48 +1300
> Kosala Atapattu <kosala.atapattu at gmail.com> wrote:
> > Hi Rowland,
> > Thanx for the response. For certain configurations idmap would be
> > suitable, in our case we cannot use idmap, as the OS users are AD
> > users, where UIDs and GIDs are mapped through Unix Attributes from AD
> > and Samba mix up the GID permissions with idmap from the tdb backend
> > end and map incorrect GIDs.
> Have you got Unix users with the same name as AD users ?
> If so, what you are trying to do will never work, you cannot have a
> user in /etc/passwd and AD.
> > I do not think the problem we have is related to the IDMAP, in fact
> > the GIDs and UIDs are the same for Samba / AD and AIX since they'r
> > the same. Shares obey GID permisions and UID permissions, except that
> > shares need to be **world readable**, which is not ideal in our case.
> > We're unable to explain, why it's need to be world readable!!!
> An AIX Unix user != an AD user with the same name.
> i.e. the AIX user 'fred' is NOT the AD user 'fred'
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba