[Samba] problem map uuid users and group
Rowland Penny
rpenny at samba.org
Thu Jun 14 15:28:09 UTC 2018
On Thu, 14 Jun 2018 18:02:29 +0500
Шигапов Денис Вильданович via samba <samba at lists.samba.org> wrote:
> Hi,
> How to make the user id on the domain controller and the file server
> the same
>
> SERVER DC:
> [global]
> netbios name = SRV-DC02
> realm = EXAMPLE.RU
> workgroup = EXAMPLE
> server role = active directory domain controller
> log level = 2 auth_json_audit:3
> username map = /etc/samba/username_map
> vfs objects = acl_xattr
> store dos attributes = Yes
>
> [root at srv-dc02 ~]# id vas.lah at example.ru
> uid=3000416(EXAMPLE\vas.lah) gid=100(users)
> группы=100(users),3000416(EXAMPLE\vas.lah),3000051(EXAMPLE\domain
> admins),3000054(EXAMPLE\группа с запрещением репликации паролей
> rodc),3000055(EXAMPLE\администраторы wsus),3000056(EXAMPLE\wsus
> administrators),3000035(EXAMPLE\1c_links_ут),3000001(BUILTIN\users),3000000(BUILTIN\administrators),3000057(BUILTIN\performance
> log users),3000043(BUILTIN\performance monitor users)
>
>
>
> SHARE:
> [global]
> netbios name = SRV-SHARE
> workgroup = EXAMPLE
> realm = EXAMPLE.RU
> server string = %h rsync host
> # server role = member server
> security = ads
>
> [root at srv-share samba]# id vas.lah at example.ru
> uid=3188138(EXAMPLE.RU\vas.lah) gid=3000513(domain users)
> группы=3000513(domain users),3188138(EXAMPLE.RU\vas.lah),3109633(wsus
> administrators),3034556(1c_links_ут),3111123(администраторы
> wsus),3100572(группа с запрещением репликации паролей
> rodc),3100512(domain admins),3153446(администратор 4
> категории),3000001(BUILTIN\users),3000000(BUILTIN\administrators)

The first thing to do, remove these lines from the Samba AD DC:

username map = /etc/samba/username_map
vfs objects = acl_xattr
store dos attributes = Yes

They have no place in a Samba AD DC smb.conf.

There is only one way to have the same IDs everywhere on Unix and that
is to use the winbind 'ad' backend. This entails giving your users &
groups uidNumber & gidNumber attributes, then run 'net cache flush' on
the DC; most IDs will change.

You then need to set up the smb.conf correctly on the Unix domain
member (yours is correct as far as it goes, it just doesn't go far
enough).

Can I suggest you read this:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Anything you don't understand, or have questions about, please ask.

Rowland
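
A check for the mismatch shown in this thread, as an added example that is not part of either message or of Samba: it parses `id` output from the DC and from the domain member and lists the users and groups whose numeric IDs differ. The function names, the `domains` prefix set and the shortened sample strings (cut down from the two outputs quoted above) are assumptions made for this example.

```python
import re

# One "id(name)" entry from `id` output. Names may contain spaces, backslashes
# and non-ASCII text; an optional leading "uid=" marks the user entry.
ENTRY = re.compile(r"(uid=)?(\d+)\(([^)]*)\)")

def parse_id(output, domains):
    """Map (kind, name) -> numeric ID for one host's `id` output.

    A leading DOMAIN\\ is dropped only when DOMAIN is in `domains`, so
    BUILTIN\\users stays distinct from a local Unix group called users.
    """
    text = " ".join(output.split())  # undo line wrapping
    ids = {}
    for is_uid, number, name in ENTRY.findall(text):
        prefix, sep, rest = name.partition("\\")
        if sep and prefix.upper() in domains:
            name = rest
        ids[("user" if is_uid else "group", name.lower())] = int(number)
    return ids

def mismatches(dc_output, member_output, domains):
    """Return {(kind, name): (dc_id, member_id)} for principals that both
    hosts resolve but map to different numeric IDs."""
    dc = parse_id(dc_output, domains)
    member = parse_id(member_output, domains)
    return {key: (dc[key], member[key])
            for key in sorted(dc.keys() & member.keys())
            if dc[key] != member[key]}

# Constructed sample input: shortened from the two `id` outputs in the thread.
DC_ID = r"""uid=3000416(EXAMPLE\vas.lah) gid=100(users)
группы=100(users),3000416(EXAMPLE\vas.lah),3000051(EXAMPLE\domain
admins),3000056(EXAMPLE\wsus administrators),3000001(BUILTIN\users)"""
MEMBER_ID = r"""uid=3188138(EXAMPLE.RU\vas.lah) gid=3000513(domain users)
группы=3000513(domain users),3188138(EXAMPLE.RU\vas.lah),3109633(wsus
administrators),3100512(domain admins),3000001(BUILTIN\users)"""

if __name__ == "__main__":
    diff = mismatches(DC_ID, MEMBER_ID, {"EXAMPLE", "EXAMPLE.RU"})
    for (kind, name), (dc_id, member_id) in diff.items():
        print(f"{kind:5} {name:22} DC={dc_id} member={member_id}")
```

Rerun it with fresh `id` output after moving to the 'ad' backend and running 'net cache flush'; an empty result means both hosts map every shared principal to the same ID.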