[Samba] Samba 4.10.6-1 Configuration on AIX

Rowland penny rpenny at samba.org
Fri Feb 7 17:44:31 UTC 2020

On 07/02/2020 16:26, Bob Wyatt wrote:
> Rowland,
> Thanks for everything!
> If I understand correctly, let's say that the user mydomain\bobw is the domain login.
> Let's say that bobw is my UNIX login ID.

If 'bobw' is in /etc/passwd and there is also a user in AD with the 
samaccountname 'bobw', then delete the one in /etc/passwd. You cannot 
have the same username in /etc/passwd and AD. If you add 'winbind use 
default domain = yes' to your smb.conf, then 'mydomain\bobw' will become 
just 'bobw'. For example, my record is in AD:

getent passwd rowland
rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash

> I can’t use bobw in my usermap file?
> 	'!bobw=mydomain\bobw'
> So I need to change my shares to a new ID and set that in my usermap file?
> 	'!bobw_smb=mydomain\bobw'
You do not use usermaps any more, except for Administrator and yes, you 
may have to chown file ownership. There is a way around this though, but 
only if you have access to a domain DC, you give your users a uidNumber 
attribute and Domain Users a gidNumber attribute and then use the 
winbind 'ad' backend instead of 'rid'. You could use the IDs your users 
already have, if you want to go down this path, we can discuss this further.
> I don’t need to add bobw_smb to /etc/passwd?
Definitely not, as you have seen, Unix knows who I am, but 'cat 
/etc/passwd | grep rowland' returns nothing
> Or do I need to add the user and need to set idmap user range to a range to be used for samba users?
Changing the idmap range would only be of use if the winbind 'ad' 
backend is used, the 'rid' backend calculates the ID from the user or 
groups RID.
> Anything else I may be missing?
Possibly, but I do not do mind reading ;-)


More information about the samba mailing list