[Samba] Active directory and winbind RID/SID to uid and gid mapping across several linux servers

2009-03-10 Thread Reece Dike
We are using a Windows Server 2003 Active Directory as our single sign-on
server.  I have been able to get our RHEL4U6 servers to authenticate
with Active Directory.

My concern is that the RID mapping to unix uid/gid range (15000-2)
is stored locally on each machine in a tdb database.  So far all of the
servers have produced the same mapping, but I do not think it is
guaranteed. I think the fact that I do a wbinfo -u and wbinfo -g as part
of the setup and there have been no users/groups added to Active
Directory has made the mappings the same.  I know that the uid/gid are
not being stored in Active Directory (I did a 'dsquery * -scope base
-attrib *' on my id in Active Directory).  Is there any way to guarantee
the RID to uid/gid mapping across several servers?


Thanks,
Reece Dike



Here is my smb.conf
[global]
   workgroup = MYDOMAIN
   server string = Samba Server Version %v
   security = ADS
   password server = 68.216.162.90
   realm = MYDOMAIN.COM
   passdb backend = tdbsam
   load printers = yes
   cups options = raw
   server signing = auto
   idmap uid = 15000-2
   idmap gid = 15000-2
   winbind enum groups = yes
   winbind enum users = yes
   winbind separator = +
   winbind use default domain = no
   template homedir = /homes/%D/%U
   template shell = /bin/bash

[homes]
comment = Home Directories
browseable = no
writable = yes

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes

[usbshare]
comment = Backups and Stuff
path = /usbdrive
valid users = +MYDOMAIN+Domain Users
read only = no


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Active directory and winbind RID/SID to uid and gid mapping across several linux servers

2009-03-10 Thread Reece Dike
Dale,

Thanks for the information and the link.  We are just now trying to
implement this and we have not implemented this on any production
servers.  I need to talk with my security person to see if we have, or
are planning to have, trusted domains.  If we do then I will have to go
with the ldap/ADS solution that was in the link you gave.

Thanks again,
Reece

Dale Schroeder wrote:
 Reece,

 idmap backend = rid:MYDOMAIN=15000-2

 will create consistent mappings, *but* be aware that enabling this
 parameter will break all your existing mappings, and you will have to
 reset permissions on your Red Hat servers.  Obviously, this is not
 desirable on production systems.  However, once this is done, you will
 continue to have the same mappings on any existing and similarly
 configured future Samba servers.  Only you can determine if it is worth
 the time and effort to do this.  We have four servers configured this
 way, and users have the same uid/gid on each system.

 Comparison of idmap backends:
 http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2598850


 Dale





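The difference Dale describes, as an added illustration that is not code from the thread or from Samba: the per-host tdb hands out the next free id on first lookup, so two servers that first see users in a different order end up with different uids (and the same uid can belong to two different accounts on two hosts, which is what bites on shared storage). The rid backend computes id = low end of range + RID with no state, so every host with the same range agrees. Both strategies are simulated in pure Python; nothing calls winbind. The SIDs, the lookup orders and the range top of 20000 are constructed/assumed, since the thread only shows the range as "15000-2".

```python
"""Simulation of tdb-style (order-dependent) versus rid-style (algorithmic)
SID -> uid mapping.  Added example; SIDs, orders and the range 15000-20000
are constructed/assumed, not taken from the thread."""
import re

# Domain SID followed by the RID (last sub-authority), e.g. S-1-5-21-a-b-c-1105
SID_RE = re.compile(r"^S-1-5-21-\d+-\d+-\d+-(\d+)$")


def rid_of(sid: str) -> int:
    """Extract the RID from a domain object SID."""
    m = SID_RE.match(sid)
    if not m:
        raise ValueError(f"not a domain object SID: {sid}")
    return int(m.group(1))


def rid_map(sid: str, low: int = 15000, high: int = 20000) -> int:
    """Algorithmic mapping in the style of idmap_rid: id = low + RID.

    No state is kept, so every host configured with the same range computes
    the same uid/gid for a given SID.  The range bounds here are assumed.
    """
    uid = low + rid_of(sid)
    if uid > high:
        raise ValueError(f"RID {rid_of(sid)} maps above the top of {low}-{high}")
    return uid


class TdbAllocator:
    """Simplified model of first-come-first-served allocation into a per-host
    idmap tdb: the next free id is handed out on first lookup and remembered
    only on that host, so the result depends on lookup order."""

    def __init__(self, low: int = 15000, high: int = 20000):
        self.low, self.high = low, high
        self.table = {}  # sid -> id, local to this host

    def lookup(self, sid: str) -> int:
        if sid not in self.table:
            nxt = self.low + len(self.table)
            if nxt > self.high:
                raise RuntimeError(f"idmap range {self.low}-{self.high} exhausted")
            self.table[sid] = nxt
        return self.table[sid]


def allocate(order, low: int = 15000, high: int = 20000) -> dict:
    """Resolve SIDs on one host in the given order; return its sid -> uid table."""
    host = TdbAllocator(low, high)
    for sid in order:
        host.lookup(sid)
    return dict(host.table)


def uid_collisions(map_a: dict, map_b: dict) -> list:
    """uids that belong to one SID on host A and a different SID on host B.

    This is the dangerous case: a file owned by that uid on shared storage
    is readable by a different account depending on which host mounts it.
    Returns sorted (uid, sid_on_a, sid_on_b) triples.
    """
    sid_by_uid_b = {uid: sid for sid, uid in map_b.items()}
    return sorted(
        (uid, sid, sid_by_uid_b[uid])
        for sid, uid in map_a.items()
        if uid in sid_by_uid_b and sid_by_uid_b[uid] != sid
    )


# Constructed sample SIDs: one fake domain, consecutive RIDs.
ALICE = "S-1-5-21-1111-2222-3333-1105"
BOB = "S-1-5-21-1111-2222-3333-1106"
CAROL = "S-1-5-21-1111-2222-3333-1107"

if __name__ == "__main__":
    # Host A first resolved alice, then bob; host B the other way round.
    tdb_a = allocate([ALICE, BOB, CAROL])
    tdb_b = allocate([BOB, ALICE, CAROL])
    print("tdb collisions:", uid_collisions(tdb_a, tdb_b))

    rid_a = {s: rid_map(s) for s in (ALICE, BOB, CAROL)}
    rid_b = {s: rid_map(s) for s in (CAROL, BOB, ALICE)}  # order irrelevant
    print("rid collisions:", uid_collisions(rid_a, rid_b))
```

Two practical points follow from the model. First, the rid formula means the range must be wide enough for the largest RID the domain will ever issue (AD RIDs only grow), so size the upper bound generously rather than to the current user count; the range check in rid_map raises when a new account falls outside it, which on a real host shows up as an unmapped SID. Second, on current Samba the per-domain form is `idmap config MYDOMAIN : backend = rid` plus `idmap config MYDOMAIN : range = LOW-HIGH`; the `idmap uid`/`idmap gid` and `idmap backend = rid:DOMAIN=range` lines in this thread are the Samba 3.0-era spelling.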