[Samba] Allow user without uidNumber to access to a Samba member file server

Arnaud Cruzel a.cruzel at ifporient.org
Wed Mar 15 15:13:43 UTC 2017 

Le mercredi 15 mars 2017 à 13:17 +0000, Rowland Penny via samba a
écrit :
> On Wed, 15 Mar 2017 14:23:23 +0200
> Arnaud Cruzel via samba <samba at lists.samba.org> wrote:
> 
> > Hi everybody,
> > 
> > I have a samba server member for file sharing configured like
> > below. 
> > Domains controllers are on samba too. 
> > Every servers are on samba 4.5.3.
> > When I created the domain I activated rfc2307.
> > 
> > Now I think rfc2307 was a bad idea...
> > 
> 
> You could use the winbind 'rid' backend instead, this will mean that
> your users will get different 'IDs', so you will have to change the
> ownership of any files and directories stored on the fileserver.
> 
> You will also have to use 'template' lines in smb.conf for Unix home
> dirs and shell.
> 
> Rowland 
> 

Thanks for your answer.

OK, I tried that. After what there is no long problems for access to file server by an user without uidNumber.
But now it's impossible for unix client to access to samba shares on this server. I think because of uid are differents.
For information I didn't have to change shares owner, the server kept the same uids for users (I think because of caching ?)

What I did :

# diff smb.conf.ad smb.conf.rid 
37,39c37,39
<        idmap config IFPOAD:backend = ad
<        idmap config IFPOAD:schema_mode = rfc2307
<        idmap config IFPOAD:range = 10000-99999
---
> #       idmap config IFPOAD:backend = ad
> #       idmap config IFPOAD:schema_mode = rfc2307
> #       idmap config IFPOAD:range = 10000-99999
41,42c41,42
< #       idmap config IFPOAD : backend = rid
< #       idmap config IFPOAD : range = 10000-999999
---
>        idmap config IFPOAD : backend = rid
>        idmap config IFPOAD : range = 10000-999999
45,46c45,46
< #       winbind nss info = template
< #       template shell = /bin/bash
---
>        winbind nss info = template
>        template shell = /bin/bash
47a48,50
>        template homedir = /Users/%U
> 
> #       winbind nss info = rfc2307
49d51
<        winbind nss info = rfc2307
61c63
<        unix extensions = no
---
> #       unix extensions = no
75c77
<         #username map = /usr/local/samba/etc/user.map
---
>         username map = /usr/local/samba/etc/user.map

More information about the samba mailing list