[Samba] Samba 4.10.6-1 Configuration on AIX

Bob Wyatt bwyatt_sub at comcast.net
Thu Feb 13 06:54:10 UTC 2020


If you were up for another hint at rid versus ad... I'd like to understand a bit more.
With rid, I map the administrator to root only... no mapping of users in AIX.
How does Samba figure out that bobw at mydomain.com should use the samba user ID bobwsmb?

If I use ad, I would use rfc2307 attributes to address that (I think).

It seems more "specific" to use ad, but that's more from the "having some control" viewpoint than anything else.
Ideally, the customer would still strive for low administration, so is rid more suited for that approach than ad?
What are the reasons to use or choose to avoid rid or ad?

As always, your sage advice is very much appreciated!


Bob Wyatt
-----Original Message-----
From: Rowland penny <rpenny at samba.org> 
Sent: Friday, February 7, 2020 12:45 PM
To: sambalist <samba at lists.samba.org>
Subject: Re: [Samba] Samba 4.10.6-1 Configuration on AIX

On 07/02/2020 16:26, Bob Wyatt wrote:
> Rowland,
> Thanks for everything!
> If I understand correctly, let's say that the user mydomain\bobw is the domain login.
> Let's say that bobw is my UNIX login ID.

If 'bobw' is in /etc/passwd and there is also a user in AD with the 
samaccountname 'bobw', then delete the one in /etc/passwd. You cannot 
have the same username in /etc/passwd and AD. If you add 'winbind use 
default domain = yes' to your smb.conf, then 'mydomain\bobw' will become 
just 'bobw'. For example, my record is in AD:

getent passwd rowland
rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash

> I can’t use bobw in my usermap file?
> 	'!bobw=mydomain\bobw'
> So I need to change my shares to a new ID and set that in my usermap file?
> 	'!bobw_smb=mydomain\bobw'
You do not use usermaps any more, except for Administrator, and yes, you 
may have to chown file ownership. There is a way around this though, but 
only if you have access to a domain DC: you give your users a uidNumber 
attribute and Domain Users a gidNumber attribute and then use the 
winbind 'ad' backend instead of 'rid'. You could use the IDs your users 
already have. If you want to go down this path, we can discuss this further.
> I don’t need to add bobw_smb to /etc/passwd?
Definitely not. As you have seen, Unix knows who I am, but 'cat 
/etc/passwd | grep rowland' returns nothing.
> Or do I need to add the user and need to set idmap user range to a range to be used for samba users?
Changing the idmap range would only be of use if the winbind 'ad' 
backend is used; the 'rid' backend calculates the ID from the user's or 
group's RID.
> Anything else I may be missing?
Possibly, but I do not do mind reading ;-)
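
The 'rid' calculation mentioned in the reply above, as an added example that is not part of the original thread and not Samba's own code. It follows the formula documented in the idmap_rid man page (ID = RID - BASE_RID + LOW_RANGE_ID); the domain SID, the range and the function names are constructed for illustration.

```python
# Added illustration of the idmap_rid arithmetic; not Samba source code.
# DOMAIN_SID and the range are constructed sample values (assumptions),
# standing in for a line such as 'idmap config MYDOMAIN : range = 10000-999999'.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
LOW, HIGH = 10000, 999999
BASE_RID = 0  # idmap_rid default


def split_sid(sid):
    """Split a SID string into (domain SID, RID)."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError("not a SID: %r" % sid)
    return "-".join(parts[:-1]), int(parts[-1])


def rid_to_unix_id(sid):
    """Return the Unix ID the rid formula yields, or None if unmappable."""
    domain, rid = split_sid(sid)
    if domain != DOMAIN_SID:
        return None  # SID belongs to another domain; this config does not cover it
    unix_id = rid - BASE_RID + LOW
    if not LOW <= unix_id <= HIGH:
        return None  # result falls outside the configured range
    return unix_id


def unix_id_to_sid(unix_id):
    """Inverse mapping: RID = ID + BASE_RID - LOW_RANGE_ID."""
    if not LOW <= unix_id <= HIGH:
        return None
    return "%s-%d" % (DOMAIN_SID, unix_id + BASE_RID - LOW)


if __name__ == "__main__":
    # Constructed sample SIDs: an in-range user, an out-of-range RID, a foreign domain.
    for sid in (DOMAIN_SID + "-1104", DOMAIN_SID + "-990000", "S-1-5-21-9-9-9-1104"):
        print(sid, "->", rid_to_unix_id(sid))
```

Because the ID is derived only from the RID and the configured range, every member server using the same range computes the same ID for a user with no per-user attributes, whereas the 'ad' backend reads uidNumber and gidNumber from AD as described in the reply.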

