[Samba] idmap config ad: can't resolve domain users' uids
francesco.malvezzi at unimore.it
Fri Feb 16 13:26:57 UTC 2018
Il 16/02/18 13:43, Rowland Penny via samba ha scritto:
> On Fri, 16 Feb 2018 13:10:16 +0100
> Francesco Malvezzi via samba <samba at lists.samba.org> wrote:
>> So just to recap: there were two problems:
>> 1) the syntax mistake in smb.conf pointed up before;
> This wouldn't have helped.
>> 2) a logical mistake because wbinfo can't possibily work without the
>> full setup that includes the nss part.
> No, wbinfo will work without the libnss_winbind links, but the OS will
> not know who the AD users & groups are without the links.
Rowland, you are helping me a lot.
Let me make a step backwards.
The problem is bugging me is to allow Domain Users to access samba
shares (on a linux os) and to create file with the same uidNumber I have
put in the AD directory.
Domanin Users have been exported from a samba3-ldap domain.
In a samba3-ldap domain the trick to have files with the same ownership
 was to record the uidNumber data in the OpenLDAP.
How does it work in samba4? I started with
https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD and then I
have been populating the users' uidNumber ad attribute and the groups'
So I was wrong starting talking about sssd, nss and so on. Those tools
are required to allow Domain Users to access linux server (ssh for
instance). I am more interested to deploy windows share on a samba4
server (a AD DC, actually) and to see users create file with the
familiar uidNumber and not the exotic number taken from the idmap.ldb
 means the same user, both as a linux user or as a Domain User,
create files with same uidNumber.
More information about the samba