On 03/08/12 11:03, Gémes Géza wrote:
On 2012-08-03 10:22, steve wrote:
On 03/08/12 09:01, NdK wrote:
On 03/08/2012 08:01, steve wrote:

getent passwd/group works fine. I get the names and corresponding uid:gid
numbers within the range specified in smb.conf but all I get when I list
files on the nfs share, are numerical uid:gid values. I want those
values to be DOMAIN\username DOMAIN\group rather than numerical values.

How do I do that?
Use *the same* range on both server and clients.

Hi Diego
Thanks for your patience in helping me sort this.

It doesn't seem to matter. I can have the same id range on both server
and client. What is uid 3000027 on the server becomes uid 3000002 on
the client.


The uid:gid values are not in the range set in smb.conf. They are the
uid:gid values in idmap _on the server_. It's as if nsswitch is ignoring
winbind.
Obvious. NFS passes *numeric* IDs, so if a file is owned by userid
123456 on the server, then the client will see the same 123456 uid.
That, if not correctly mapped, would give another user access to it
(negating access to the original one).

That's exactly my point. My 3000027 maps correctly to DOMAIN\steve2 on
the server but getent passwd on the client gives DOMAIN\steve2 as
3000002. If steve2 logs in and creates a file it becomes uid 3000027
and _not_ 3000002. If winbind is doing the mapping correctly it should
map 3000027 to 3000002 and when I list a file that I have made it
should give me back a uid of DOMAIN\steve2. It doesn't. The file
created has uid 3000027 which works _but_ I want to see uids as
names, not numbers.

I've also tried adding posixAccount, uidNumber and gidNumber to pull
the uid:gid directly from AD with:
idmap config * : backend = ad
but then, getent passwd gives me no list of users.

Really stuck on this one. . .
The client is Ubuntu 12.04 with samba 3.6.3. Maybe 3.6.3 has bugs?

Cheers,
steve

Please try with

     idmap backend = tdb
     idmap uid = some uninteresting range
     idmap gid = some uninteresting range

     idmap config YOURDOMAINNAMEHERE : backend  = ad
     idmap config YOURDOMAINNAMEHERE : range = the range you want your uids/gids to be

Like in http://www.samba.org/samba/docs/man/manpages-3/idmap_ad.8.html

Regards

Geza Gemes


Thanks again Geza
Am doing a total client reinstall atm, but that looks good.

On the DC, I take it that for a user object I shall need:
objectClass: posixAccount
uidNumber: 123
gidNumber: 456

and for a group object
objectClass: posixGroup
gidNumber: 456

Question:
1. Does the config you give go on both DC and client?
2. confusion:
This:
https://wiki.samba.org/index.php/Samba_3.6_Features_added/changed
says that
     idmap uid = some uninteresting range
     idmap gid = some uninteresting range
has been replaced by:
idmap config YOURDOMAINNAMEHERE : range = the range you want your uids/gids to be
Should I remove the:
     idmap uid = some uninteresting range
     idmap gid = some uninteresting range

My gidNumbers start at 20513 (Domain Users) and my last uidNumber is currently 3000157 so how about:
idmap config YOURDOMAINNAMEHERE : range=20000-4000000
?
3. If uidNumber and gidNumber are pulled from AD, why do I need to specify a range?

Cheers,
Steve
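
Because NFS passes numeric IDs, as noted earlier in the thread, the server and client must resolve each account to the same uid; comparing `getent passwd` output from both hosts shows where they disagree. The following is an added example, not part of the original messages: the sample entries are constructed from the uid values quoted above, and `DOMAIN\lynn2` is a hypothetical second account.

```python
"""Compare `getent passwd` dumps taken on an NFS server and on a client."""

def parse_passwd(text):
    """Return {name: uid} from passwd-format lines (name:pw:uid:gid:...)."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4 or not fields[2].isdigit():
            continue  # malformed entry, skip it
        users[fields[0].lower()] = int(fields[2])  # compare names case-insensitively
    return users

def find_mismatches(server, client):
    """Return (drift, collisions).

    drift:      {name: (server_uid, client_uid)} for accounts whose uid differs.
    collisions: {uid: (server_name, client_name)} where a uid that owns files on
                the server resolves to a *different* account on the client, so
                that account is treated as the owner of the files over NFS.
    """
    drift = {n: (u, client[n]) for n, u in server.items()
             if n in client and client[n] != u}
    client_by_uid = {u: n for n, u in client.items()}
    collisions = {u: (n, client_by_uid[u]) for n, u in server.items()
                  if u in client_by_uid and client_by_uid[u] != n}
    return drift, collisions

# Constructed sample data (uids 3000027/3000002 and gid 20513 are from the thread).
SERVER = r"""
DOMAIN\steve2:*:3000027:20513::/home/DOMAIN/steve2:/bin/bash
DOMAIN\lynn2:*:3000002:20513::/home/DOMAIN/lynn2:/bin/bash
"""
CLIENT = r"""
DOMAIN\steve2:*:3000002:20513::/home/DOMAIN/steve2:/bin/bash
DOMAIN\lynn2:*:3000005:20513::/home/DOMAIN/lynn2:/bin/bash
"""

if __name__ == "__main__":
    drift, collisions = find_mismatches(parse_passwd(SERVER), parse_passwd(CLIENT))
    for name, (s, c) in sorted(drift.items()):
        print(f"DRIFT     {name}: server uid {s}, client uid {c}")
    for uid, (s, c) in sorted(collisions.items()):
        print(f"COLLISION uid {uid}: {s} on server, {c} on client")
```

An empty result from both checks means the two hosts agree on every account they share.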