[Samba] Using samba AD in mixed OS environment

Christian Naumer cn at brain-biotech.de
Mon Apr 30 12:08:56 UTC 2018


On 29.04.2018 at 12:35, Zdravko Zdravkov via samba wrote:

> [sssd]
>> domains = xxxx
>> config_file_version = 2
>> services = nss, pam
>> [domain/xxxx]
>> ad_domain = xxxx
>> krb5_realm = XXXX
>> realmd_tags = manages-system joined-with-samba
>> cache_credentials = True
>> id_provider = ad
>> krb5_store_password_if_offline = True
>> default_shell = /bin/bash
>> ldap_id_mapping = True

This I think is your problem.


From the man page:

By default, the AD provider will map UID and GID values from the
objectSID parameter in Active Directory. For details on this, see the
"ID MAPPING" section below. If you want to disable ID mapping and
instead rely on POSIX attributes defined in Active Directory, you should set

ldap_id_mapping = False



>> use_fully_qualified_names = False
>> fallback_homedir = /home/%u
>> access_provider = ad
>
>
>
> *nsswitch.conf* on client (part of it)
>
> passwd:     files sss
>> shadow:     files sss
>> group:      files sss
>
>
>
>
> getent passwd pj (for example) provides this:
>
> pj:*:1115001179:1115000513:xxxxxx:/home/pj:/bin/bash


What are the numbers that you are seeing if a user creates a file on
windows? What numbers if any have you configured in the AD for UID and GID?

Regards


Christian

-- 
Dr. Christian Naumer
Research Scientist
Platform Coordinator, Bioprocess Engineering

B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.de, homepage www.brain-biotech.de
fon +49-6251-9331-30  /   fax +49-6251-9331-11

Registered office: Zwingenberg/Bergstrasse
Court of registration: AG Darmstadt, HRB 24758
Executive Board: Dr. Juergen Eck (Chairman), Frank Goebel
Chairman of the Supervisory Board: Dr. Ludger Mueller
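
Added example, not part of the original message: a decoder for the getent values quoted above, showing whether a UID/GID pair came from SSSD's objectSID mapping rather than from POSIX attributes stored in AD. It assumes the default ldap_idmap_range_min, ldap_idmap_range_max and ldap_idmap_range_size from sssd-ldap(5); the function names and the second passwd line are constructed for illustration.

```python
# Defaults documented in sssd-ldap(5); a site may override them in sssd.conf.
RANGE_MIN = 200000        # ldap_idmap_range_min
RANGE_MAX = 2000200000    # ldap_idmap_range_max
RANGE_SIZE = 200000       # ldap_idmap_range_size


def decode(posix_id):
    """Return (slice, rid) if the ID lies in the SID-mapping range, else None."""
    if not RANGE_MIN <= posix_id < RANGE_MAX:
        return None
    return divmod(posix_id - RANGE_MIN, RANGE_SIZE)


def classify(passwd_line):
    """Classify one `getent passwd` line by how its UID/GID were likely produced."""
    fields = passwd_line.strip().split(":")
    if len(fields) != 7:
        raise ValueError("not a passwd entry: %r" % passwd_line)
    uid, gid = int(fields[2]), int(fields[3])
    u, g = decode(uid), decode(gid)
    out = {"name": fields[0], "slice": None, "user_rid": None,
           "group_rid": None, "verdict": "not-sid-mapped"}
    if u is None:
        return out  # local account, or uidNumber/gidNumber read from AD
    out["slice"], out["user_rid"] = u
    if g is not None and g[0] == u[0]:
        # UID and GID fall in the same per-domain slice: both derived from
        # SIDs of one domain, so the low part of each ID is the RID.
        out["group_rid"] = g[1]
        out["verdict"] = "sid-mapped"
    else:
        # A stored uidNumber can fall inside the range by coincidence.
        out["verdict"] = "possibly-sid-mapped"
    return out


# First line is the one from the message; the second is constructed and
# stands for an account whose uidNumber/gidNumber are set in AD.
SAMPLES = [
    "pj:*:1115001179:1115000513:xxxxxx:/home/pj:/bin/bash",
    "alice:*:10001:10000:constructed:/home/alice:/bin/bash",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line))
```

A group RID of 513 in the result is the well-known "Domain Users" group, which is what the quoted entry decodes to.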


