[Samba] Samba 4.10.6-1 Configuration on AIX
bwyatt_sub at comcast.net
Fri Feb 7 17:44:36 UTC 2020
Thanks for everything!
If I understand correctly, let's say that the user mydomain\bobw is the domain login.
Let's say that bobw is my UNIX login ID.
I can’t use bobw in my usermap file?
So I need to change my shares to a new ID and set that in my usermap file?
I don’t need to add bobw_smb to /etc/passwd?
Or do I need to add the user and need to set idmap user range to a range to be used for samba users?
Anything else I may be missing?
Thanks again for your patience!
From: Rowland penny <rpenny at samba.org>
Sent: Friday, February 7, 2020 3:26 AM
To: sambalist <samba at lists.samba.org>
Subject: Re: [Samba] Samba 4.10.6-1 Configuration on AIX
On 07/02/2020 02:27, Bob Wyatt wrote:
> Thanks again for the continued help...
> Current thinking is using rid for the backend does not place any new administrative functions on the staff - agree?
If by this, you mean that you do not have to add anything to AD, then
yes. You may have to add a couple of template lines to your smb.conf,
the defaults are:
template homedir = /home/%D/%U
template shell = /bin/false
With the above, your users will not be able login to the Unix computer
and will get a Unix homedirectory of /home/DOMAIN/username
> Begs questions of what is being written in smbpasswd, and do we have administrative work on AIX?
> Such as adding users and a group or two in the range specified for idmap? A mapping "table"?
You do not use smbpasswd and you need something else in smb.conf:
username map = /etc/samba/user.map
With '/etc/samba/user.map' containing '!root = DOMAIN\Administrator'
After this, using the 'rid' backend, all users and groups in AD become
Unix users and groups.
Basically it boils down to, forget most of what you know about Samba3
> If rid is hands-off administration, that's likely the way they want to go.
> Going with rid - security is still ads?
Yes, it is just a different winbind backend.
More information about the samba