Perhaps it is not a good idea to use the same names for a Unix user and
the AD user.

If, for example, you have a Unix user xyz with uid=7738

and an AD user xyz, then the AD user xyz perhaps gets uid=199300 via winbind.

What answer should
id xyz

give?

Bardo

[EMAIL PROTECTED] wrote:
> I posted this last week but haven't heard anything. I'm not sure if this
> is because nobody knows the answer (can't believe that!) or I'm missing
> something obvious in the documentation and people are thinking "Read The
> Fine Manual". Whatever the reason, if anyone has any insights into this
> problem I'd be very grateful for their comments.
> 
> We're using Samba 3.0.23b (binaries downloaded from Sunfreeware) on
> Solaris 9 as a member server, using "security = DOMAIN" in an Active
> Directory 2003 domain. The server is primarily an application server,
> running SAS software, but we have a share to Windows to enable users to
> save programs and data from their Windows XP workstations. Historically
> we've been using PC Netlink, Sun's version of Lanman, but this isn't
> compatible with AD 2003 so we need to move to Samba.
> 
> We're struggling to establish a mapping between domain user accounts and
> UNIX user accounts that are similarly named (the same naming convention
> is used for both). My understanding of Samba, albeit sketchy, was that
> it could automatically make a mapping between local and domain accounts
> of the same name. However, this doesn't appear to be happening. If I set
> a file's permissions for a specified user in Solaris it appears in the
> file's security within Windows, but the user is listed as a Unix User
> along the lines of:
> 
> u123456 (Unix User\u123456)
> 
> I was expecting that there should be an implicit mapping between u123456
> in Solaris and domain\u123456 but maybe I've got the wrong end of the
> stick. We need to maintain the local users so that we can control who
> has access to the server software, and we maintain password aging both
> on the server and the domain so maintaining a separate password database
> for Samba would be a complication. An extract from nsswitch.conf and
> (edited) smb.conf are included below.
> 
> As you will see from nsswitch.conf, we are using winbind. wbinfo will
> resolve any domain information and getent passwd will return domain user
> accounts.
> 
> Many thanks in advance.
> 
> nsswitch.conf:
> 
> passwd:     files winbind
> group:      files winbind
> 
> hosts:      files dns winbind
> 
> smb.conf:
> 
> [global]
>       workgroup = our-domain-name
>       netbios aliases = mc18unxa
> # dual nics: the netmask is correct for our network
>       interfaces = xx.xx.xxx.xx/255.255.240.0, yy.yy.yyy.yy/255.255.240.0
>       security = DOMAIN
>       null passwords = Yes
>       password server = *
>       passdb backend = tdbsam
>       lanman auth = No
>       client NTLMv2 auth = Yes
>       client lanman auth = No
>       client plaintext auth = No
>       log level = 1
>       log file = /var/samba/log/log.%m
>       max log size = 50000
>       load printers = No
>       dns proxy = No
>       ldap ssl = no
>       idmap uid = 10000-100000000
>       idmap gid = 10000-100000000
>       winbind enum users = Yes
>       winbind enum groups = Yes
>       winbind use default domain = Yes
>       create mask = 0644
>       directory mask = 0775
>       hosts deny = none
>       case sensitive = No
>       preserve case = No
>       domain master = no
>       local master = no
>       preferred master = no
>       os level = 0
> 
> [dosptn]
>       path = /dosptn
>       read only = No
>       inherit permissions = Yes
>       guest ok = Yes
> 
> 
> ----------------------------------------
> Nigel Pain
> The Scottish Government
> Corporate Systems Support
> Information Systems and Information Services (ISIS)
> Victoria Quay 
> EDINBURGH 
> EH6 6QQ 
> UK
> 
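The question raised in the reply (what `id xyz` returns when the name exists both locally and in AD) comes down to the source order on the `passwd:` line of nsswitch.conf: the first source that knows the name answers. The following is an added example, not part of the original thread; it mimics that lookup over constructed passwd-format data and lists every name that would resolve to different uids depending on the source. The sample entries, home directories and function names are assumptions; only the xyz uids come from the reply.

```python
"""Find account names defined both locally and in winbind, and show which
entry wins under a given nsswitch 'passwd:' source order."""

# Constructed sample data in passwd format. The xyz uids follow the reply's
# illustration (local uid 7738, winbind-mapped uid 199300); the rest is made up.
LOCAL_PASSWD = """\
root:x:0:0:Super-User:/:/sbin/sh
xyz:x:7738:100:Local xyz:/export/home/xyz:/bin/ksh
sasadm:x:7001:100:SAS admin:/export/home/sasadm:/bin/ksh
"""
WINBIND_PASSWD = """\
xyz:*:199300:10000:AD xyz:/home/xyz:/bin/false
abc:*:199301:10000:AD abc:/home/abc:/bin/false
"""

def parse_passwd(text):
    """Return {name: uid} from passwd-format text, skipping malformed lines."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7 or not fields[2].isdigit():
            continue
        users.setdefault(fields[0], int(fields[2]))  # first entry for a name wins
    return users

def resolve(name, sources, order):
    """Mimic the 'passwd:' line: the first source in `order` that has the name answers."""
    for src in order:
        uid = sources[src].get(name)
        if uid is not None:
            return src, uid
    return None

def collisions(sources, order):
    """Names present in several sources with differing uids, plus the winning entry."""
    report = {}
    names = set().union(*(sources[s] for s in order))
    for name in sorted(names):
        uids = {s: sources[s][name] for s in order if name in sources[s]}
        if len(set(uids.values())) > 1:
            report[name] = {"uids": uids, "winner": resolve(name, sources, order)}
    return report

if __name__ == "__main__":
    sources = {"files": parse_passwd(LOCAL_PASSWD),
               "winbind": parse_passwd(WINBIND_PASSWD)}
    for name, info in collisions(sources, ["files", "winbind"]).items():
        print(name, info["uids"], "-> id resolves via", info["winner"])
```

On a live host the two inputs would come from the local passwd file and from the winbind user listing instead of the embedded strings.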