[Samba] idmap config ad: can't resolve domain users' uids
Francesco Malvezzi
francesco.malvezzi at unimore.it
Fri Feb 16 13:26:57 UTC 2018
On 16/02/18 13:43, Rowland Penny via samba wrote:
> On Fri, 16 Feb 2018 13:10:16 +0100
> Francesco Malvezzi via samba <samba at lists.samba.org> wrote:
>
>>
>> So just to recap: there were two problems:
>>
>> 1) the syntax mistake in smb.conf pointed out before;
>
> This wouldn't have helped.
>
>> 2) a logical mistake because wbinfo can't possibly work without the
>> full setup that includes the nss part.
>
> No, wbinfo will work without the libnss_winbind links, but the OS will
> not know who the AD users & groups are without the links.

Rowland, you are helping me a lot.

Let me take a step backwards.

The problem that is bugging me is how to allow Domain Users to access samba
shares (on a Linux OS) and to create files with the same uidNumber I have
put in the AD directory.

Domain Users have been exported from a samba3-ldap domain.

In a samba3-ldap domain the trick to have files with the same ownership
[1] was to record the uidNumber data in OpenLDAP.

How does it work in samba4? I started with
https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD and then I
have been populating the users' uidNumber AD attribute and the groups'
gidNumber.

So I was wrong to start talking about sssd, nss and so on. Those tools
are required to allow Domain Users to access a Linux server (ssh for
instance). I am more interested in deploying Windows shares on a samba4
server (an AD DC, actually) and in seeing users create files with the
familiar uidNumber and not the exotic number taken from the idmap.ldb.

Thank you,

Francesco

[1] means the same user, both as a Linux user and as a Domain User,
creates files with the same uidNumber.