[Samba] Samba 4 without winbind
Rowland Penny
rpenny at samba.org
Mon Sep 19 17:53:20 UTC 2022
On 19/09/2022 18:17, Shannon Price via samba wrote:
>
> I've had some progress on this using autorid and rid. A few issues however.
>
> My home directory and other folders grant permissions to my NIS UID, but with Winbind, my files are written using the UID that was generated by idmap, so files I write have a different owner or I don't have permission at all to write to existing folders.
Yes, I expected this, which is why I tried to steer you to the 'ad'
backend where you can set the NIS user ID as the users uidNumber
attribute (the same goes for groups, but you would the groups NIS ID for
the groups gidNumber attribute)
>
> Winbind doesn't recognize all of my group memberships (even for non-nested groups). I can query specific groups via wbinfo and see my name in the group, but when I restrict a share using a flat AD group, it does not give me access. If I share using "Domain Users", this works.
Are these groups in AD ? I ask because winbind will ignore any groups
that are not in AD and any that are outside the range set in smb.conf
I used '10000-999999' in my examples, so any group ID that is larger
than '999999' will be ignored. The 'rid' backend idmap ID is calculated
like this:
ID = RID + LOW_RANGE_ID
So if the groups RID is 11107, this would be
21107 = 11107 + 10000
The same calculation is used for users and 'autorid' works in much the
same way, but it uses a different calculation using the RID.
Rowland
More information about the samba
mailing list