On 17/01/2011 12:31 p.m., Andrew Bartlett wrote:
On Sat, 2011-01-15 at 14:22 +1300, Wei-Tsun Sun wrote:
On 15/01/2011 1:50 p.m., Taylor, Jonn wrote:
On 01/14/2011 02:04 PM, Wei-Tsun Sun wrote:
Did a git-pull and built samba4, up and running with winbind.

I have a file server, which will be accessed by Windows. Say I have a
user named "abcde" (uid = 1000), under group "abcde" (gid = 1000).

When I created a user with samba-tool (samba-tool newuser abcde xxxxx),
it creates an account "abcde" with mapped uid 300018 under group user
users.

I am really wondering if there is any way to make the "abcde" created
under samba link with the "abcde" in my local Linux.

I have :
      idmap config SAMDOM: default = yes
      idmap config SAMDOM: backend = tdb
      idmap config SAMDOM: range = 1000-20000

in my smb.conf

But it seems the uid goes anywhere not near 1000.

Cheers.
Have a look at http://wiki.samba.org/index.php/Samba4/Winbind

Jonn
I did, that is why I am bringing this up. In the "Testing" section:

#id Administrator
uid=0(root) gid=100(users) groupes=0(root),100(users),3000004(Group
Policy Creator Owners),3000008(Domain Admins)

ID Administrator is not duplicated with the user name in the system.
However, "abcde" is already in my system with uid 1000, and the
one created by the samba-tool is with uid 300018.
When I run
$id abcde
I get abcde from the system but not from the samba4. Furthermore,
files created via samba by the uid 300018 are not deletable by user uid 1000.
Correct.  Samba4 uses its own uid and gid space, and manages all
aspects of the user.  You could edit the idmap.ldb I suppose.

Eventually we will get this back into the directory to make this easier
to administer.

Andrew Bartlett


Thank you very much Andrew, this really gives me an idea how to do it:

From Samba4 HowTo, the last part of Step 1: Adding user into Samba 4 Active Directory :
http://wiki.samba.org/index.php/Samba4/HOWTO#Step_1:_Adding_user_into_Samba_4_Active_Directory

Since the uid/gid spaces of the local system and samba are different, one can change the samba user's uid/gid to the local system's ones without conflicting (I suppose).

uid and gid are stored in idmap.ldb (thanks Andrew!) and can be edited by using ldbedit.

So the steps are as follows, based on user name "abcde" with gid = 1000 and uid = 1000 on the local system:
1. If the user does not exist in samba4, create it :
samba-tool newuser abcde

2. SID of abcde can be found from
wbinfo -n abcde

(say it returns S-1-5-21-3374259721-1964127243-1665914219-1106 SID_USER (1) )

3. Edit the UID with the SID we just got
ldbedit -e emacs -H path_to_/idmap.ldb objectsid=S-1-5-21-3374259721-1964127243-1665914219-1106

Change the xidNumber to 1000

4. Each "normal" user belongs to at least two groups: one is the user itself and another one is "user". To find the "user" group, one can:
wbinfo --user-sids=S-1-5-21-3374259721-1964127243-1665914219-1106

It will get
S-1-5-21-3374259721-1964127243-1665914219-1106
S-1-5-21-3374259721-1964127243-1665914219-513

And the S-1-5-21-3374259721-1964127243-1665914219-513 is the identifier of the "user" group.

5. Use ldbedit to do the trick again
ldbedit -e emacs -H path_to_/idmap.ldb objectsid=S-1-5-21-3374259721-1964127243-1665914219-513

Change xidNumber to 1000 as well

6. Then restart the samba4 service. Done!

Cheers,

Wei-Tsun Sun
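
A read-only check to run after the steps above, added here as an example (not code from the thread or from Samba): it lists which SIDs in an idmap.ldb dump share a uid or gid with a local account or group, and marks group mappings for RID 513, since every member of that group then carries the local gid. The LDIF layout, the `type` attribute values and the second user (RID 1107) are constructed assumptions.

```python
import re

# Constructed sample data. The record layout (objectSid / type / xidNumber)
# is an assumption about what ldbsearch prints for idmap.ldb entries.
DOM = "S-1-5-21-3374259721-1964127243-1665914219"
SAMPLE_LDIF = "\n\n".join(
    f"dn: CN={DOM}-{rid}\nobjectSid: {DOM}-{rid}\ntype: {kind}\nxidNumber: {xid}"
    for rid, kind, xid in [(1106, "ID_TYPE_UID", 1000),
                           (513, "ID_TYPE_GID", 1000),
                           (1107, "ID_TYPE_UID", 3000019)])
LOCAL_PASSWD = "root:x:0:0:root:/root:/bin/bash\nabcde:x:1000:1000::/home/abcde:/bin/bash\n"
LOCAL_GROUP = "root:x:0:\nusers:x:100:\nabcde:x:1000:\n"

def parse_ldif(text):
    """Return one dict per record; keys are lower-cased (ldb names are case-insensitive)."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                rec[key.strip().lower()] = value.strip()
        if "objectsid" in rec and "xidnumber" in rec:
            records.append(rec)
    return records

def local_ids(text):
    """Map numeric id -> name from passwd- or group-format text (id is the 3rd field)."""
    ids = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            ids[int(fields[2])] = fields[0]
    return ids

def audit(ldif, passwd, group):
    """List (sid, kind, id, local_name, domain_wide) for SIDs mapped onto local ids."""
    uids, gids = local_ids(passwd), local_ids(group)
    findings = []
    for rec in parse_ldif(ldif):
        sid, xid, kind = rec["objectsid"], int(rec["xidnumber"]), rec.get("type", "")
        rid = int(sid.rsplit("-", 1)[1])
        if kind != "ID_TYPE_GID" and xid in uids:
            findings.append((sid, "uid", xid, uids[xid], False))
        if kind != "ID_TYPE_UID" and xid in gids:
            # RID 513 is Domain Users: every member receives this local gid.
            findings.append((sid, "gid", xid, gids[xid], rid == 513))
    return findings
```

To use it on a real host, pass `audit()` the text of an `ldbsearch` dump of idmap.ldb together with the contents of /etc/passwd and /etc/group.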