Re: [Samba] Some direction of Samba4 Sid to Uid/Gid ?
On 17/01/2011 12:31 p.m., Andrew Bartlett wrote: On Sat, 2011-01-15 at 14:22 +1300, Wei-Tsun Sun wrote: On 15/01/2011 1:50 p.m., Taylor, Jonn wrote: On 01/14/2011 02:04 PM, Wei-Tsun Sun wrote: Did a git-pull and built samba4, up and running with winbind. I have a file server, which will be access by windows. Say I have a user named "abcde" (uid = 1000), under group "abcde) (gid = 1000). When I created a user with samba-too (samba-tool newuser abcde x), it creates an account "abcde" with mapped uid 300018 under group user users. I am really wondering if there is anyway to make the "abcde" created under samba to link with the "abcde" in my local linux. I have : idmap config SAMDOM: default = yes idmap config SAMDOM: backend = tdb idmap config SAMDOM: range = 1000-2 in my smb.conf But it seems the uid goes anywhere not near 1000. Cheers. Have a look at http://wiki.samba.org/index.php/Samba4/Winbind Jonn I did, that is why I am bringing this up. In the "Testing" section: #id Administrator uid=0(root) gid=100(users) groupes=0(root),100(users),304(Group Policy Creator Owners),308(Domain Admins) ID Administrator is not duplicated with the user name in the system. However, "abcde", which is already in my system with uid 1000, and the one created by the samba-tool is with uid 300018. When I $id abcde , I get abcde from the system but not from the samba4. Furthermore, files created via samba by the uid 300018 is not deletable by user uid 1000. Correct. Samba4 uses it's own uid and gid space, and manages all aspects of the user. You could edit the idmap.ldb I suppose. Eventually we will get this back into the directory to make this easier to administer. Andrew Bartlett Thank you very much Andrew, this really gives me an idea how to do it: From Samba4 HowTo, the last part of Step 1: Adding user into Samba 4 Active Directory : http://wiki.samba.org/index.php/Samba4/HOWTO#Step_1:_Adding_user_into_Samba_4_Active_Directory Since uid/gid spaces are different from the local system and samba, therefore one can change the samba user's uid/gid to the local system's ones, without conflicting (that I suppose). uid and gid are stored in idmap.ldb (thanks Andrew!) and can be edited by using ldbedit. So the steps are as follows, based on user name "abcde" with gid = 1000 and uid = 1000 on the local system: 1. If the user does not exist in samba4, create it : samba-tool newuser abcde 2. SID of abcde can be found from wbinfo -n abcde (say it turns S-1-5-21-3374259721-1964127243-1665914219-1106 SID_USER (1) ) 3. Edit the UID with the SID we just got ldbedit -e emacs -H path_to_/idmap.ldb objectsid=S-1-5-21-3374259721-1964127243-1665914219-1106 Change the xidNumber to 1000 4. Each "normal" users belongs at least two groups, one is user itself and another one is "user", to find the "user" group, one can: wbinfo --user-sids=S-1-5-21-3374259721-1964127243-1665914219-1106 It will gets S-1-5-21-3374259721-1964127243-1665914219-1106 S-1-5-21-3374259721-1964127243-1665914219-513 And the S-1-5-21-3374259721-1964127243-1665914219-513 is the identifier of the "user" group. 5. Use ldbedit to do the trick again ldbedit -e emacs -H path_to_/idmap.ldb objectsid=S-1-5-21-3374259721-1964127243-1665914219-513 Change xidNumber to 1000 as well 6. Then restart the samba4 service. Done! Cheers, Wei-Tsun Sun -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Some direction of Samba4 Sid to Uid/Gid ?
On Sat, 2011-01-15 at 14:22 +1300, Wei-Tsun Sun wrote: > On 15/01/2011 1:50 p.m., Taylor, Jonn wrote: > > > > On 01/14/2011 02:04 PM, Wei-Tsun Sun wrote: > >> Did a git-pull and built samba4, up and running with winbind. > >> > >> I have a file server, which will be access by windows. Say I have a > >> user named "abcde" (uid = 1000), under group "abcde) (gid = 1000). > >> > >> When I created a user with samba-too (samba-tool newuser abcde x), > >> it creates an account "abcde" with mapped uid 300018 under group user > >> users. > >> > >> I am really wondering if there is anyway to make the "abcde" created > >> under samba to link with the "abcde" in my local linux. > >> > >> I have : > >> idmap config SAMDOM: default = yes > >> idmap config SAMDOM: backend = tdb > >> idmap config SAMDOM: range = 1000-2 > >> > >> in my smb.conf > >> > >> But it seems the uid goes anywhere not near 1000. > >> > >> Cheers. > > Have a look at http://wiki.samba.org/index.php/Samba4/Winbind > > > > Jonn > > I did, that is why I am bringing this up. In the "Testing" section: > > #id Administrator > uid=0(root) gid=100(users) groupes=0(root),100(users),304(Group > Policy Creator Owners),308(Domain Admins) > > ID Administrator is not duplicated with the user name in the system. > However, "abcde", which is already in my system with uid 1000, and the > one created by the samba-tool is with uid 300018. > When I > $id abcde > , I get abcde from the system but not from the samba4. Furthermore, > files created via samba by the uid 300018 is not deletable by user uid 1000. Correct. Samba4 uses it's own uid and gid space, and manages all aspects of the user. You could edit the idmap.ldb I suppose. Eventually we will get this back into the directory to make this easier to administer. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cisco Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Some direction of Samba4 Sid to Uid/Gid ?
On 15/01/2011 1:50 p.m., Taylor, Jonn wrote: On 01/14/2011 02:04 PM, Wei-Tsun Sun wrote: Did a git-pull and built samba4, up and running with winbind. I have a file server, which will be access by windows. Say I have a user named "abcde" (uid = 1000), under group "abcde) (gid = 1000). When I created a user with samba-too (samba-tool newuser abcde x), it creates an account "abcde" with mapped uid 300018 under group user users. I am really wondering if there is anyway to make the "abcde" created under samba to link with the "abcde" in my local linux. I have : idmap config SAMDOM: default = yes idmap config SAMDOM: backend = tdb idmap config SAMDOM: range = 1000-2 in my smb.conf But it seems the uid goes anywhere not near 1000. Cheers. Have a look at http://wiki.samba.org/index.php/Samba4/Winbind Jonn I did, that is why I am bringing this up. In the "Testing" section: #id Administrator uid=0(root) gid=100(users) groupes=0(root),100(users),304(Group Policy Creator Owners),308(Domain Admins) ID Administrator is not duplicated with the user name in the system. However, "abcde", which is already in my system with uid 1000, and the one created by the samba-tool is with uid 300018. When I $id abcde , I get abcde from the system but not from the samba4. Furthermore, files created via samba by the uid 300018 is not deletable by user uid 1000. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Some direction of Samba4 Sid to Uid/Gid ?
On 01/14/2011 02:04 PM, Wei-Tsun Sun wrote: > Did a git-pull and built samba4, up and running with winbind. > > I have a file server, which will be access by windows. Say I have a > user named "abcde" (uid = 1000), under group "abcde) (gid = 1000). > > When I created a user with samba-too (samba-tool newuser abcde x), > it creates an account "abcde" with mapped uid 300018 under group user > users. > > I am really wondering if there is anyway to make the "abcde" created > under samba to link with the "abcde" in my local linux. > > I have : > idmap config SAMDOM: default = yes > idmap config SAMDOM: backend = tdb > idmap config SAMDOM: range = 1000-2 > > in my smb.conf > > But it seems the uid goes anywhere not near 1000. > > Cheers. Have a look at http://wiki.samba.org/index.php/Samba4/Winbind Jonn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Some direction of Samba4 Sid to Uid/Gid ?
Did a git-pull and built samba4, up and running with winbind. I have a file server, which will be access by windows. Say I have a user named "abcde" (uid = 1000), under group "abcde) (gid = 1000). When I created a user with samba-too (samba-tool newuser abcde x), it creates an account "abcde" with mapped uid 300018 under group user users. I am really wondering if there is anyway to make the "abcde" created under samba to link with the "abcde" in my local linux. I have : idmap config SAMDOM: default = yes idmap config SAMDOM: backend = tdb idmap config SAMDOM: range = 1000-2 in my smb.conf But it seems the uid goes anywhere not near 1000. Cheers. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
