I have a network with a Samba server (Samba 4, but running as an old NT-style domain), Windows and Linux clients. The Windows clients need to be able to read and write to filesystems on the Linux client. Also, other Linux machines need to write (via NFS) to the same directories on the Linux client as the Windows clients.

This was all working with a Linux client running (I am ashamed to say) CentOS 5. However, after updating the Linux client to CentOS 7, things don't seem to work the way they used to. Note that, in the CentOS world, "update to CentOS 7" means a complete re-install. So I have a new CentOS 7 client which has the same name as the old CentOS 5 client.

In order to get smb working, I had to change "security = server" to "security = domain", install winbind, and I then attempted to join the Linux client to the domain. I am not sure if the join actually worked.

What I see now is that files created by the Windows clients on the Linux client show that they are owned by "<DOMAIN>\user", with an associated UID that has a very high number. This presents problems with permissions, since the same files and directories need to be accessed from both Linux NFS clients and Windows SMB clients using the same username ("user").

Is there any way to have the Windows client access map to just "user", with its Linux UID? What should I expect with a machine that is joined to a domain -- or is the problem that the Linux client is not actually joined to the domain? If so, how do I fix this?

Simon

Blue Pearl Software, Inc. will collect and process information about you that may be subject to data protection laws. For more information about how we use and disclose your personal information, how we protect your information, our legal basis to use your information, your rights and who you can contact, please refer to the relevant sections of our Privacy note at www.bluepearlsoftware.com/privacypolicy.
On 07/08/2020 19:46, Simon Matthews via samba wrote:
> I have a network with a Samba server (Samba 4, but running as an old
> NT-style domain), Windows and Linux clients.

You really should consider upgrading to AD.

> Is there any way to have the Windows client access map to just "user",
> with its Linux UID? What should I expect with a machine that is joined
> to a domain -- or is the problem that the Linux client is not actually
> joined to the domain? If so, how do I fix this?

Can we start by seeing your smb.conf files from your PDC and a Linux client, also what OS is the client running.

Rowland
On 8/7/20 12:00 PM, Rowland penny via samba wrote:
> On 07/08/2020 19:46, Simon Matthews via samba wrote:
>> I have a network with a Samba server (Samba 4, but running as an old
>> NT-style domain), Windows and Linux clients.
> You really should consider upgrading to AD,
>> Is there any way to have the Windows client access map to just "user",
>> with its Linux UID? What should I expect with a machine that is joined
>> to a domain -- or is the problem that the Linux client is not actually
>> joined to the domain? If so, how do I fix this?
>
> Can we start by seeing your smb.conf files from your PDC and a Linux
> client, also what OS is the client running.
>
> Rowland

The client is running CentOS 7:

    # cat /etc/redhat-release
    CentOS Linux release 7.8.2003 (Core)

After another attempt, I have successfully joined the Linux client to the domain:

    # net rpc join MEMBER -S raidserver -U root%<password>
    Using short domain name -- BLUE
    Joined 'TURQUOISE' to domain 'BLUE'

Note that the hostname of the Linux client is actually "H2". Turquoise is a holdover from what it was earlier. "turquoise" resolves on the network:

    $ ping turquoise
    PING h2.sj.bps (192.168.254.105) 56(84) bytes of data.
    64 bytes from h2.sj.bps (192.168.254.105): icmp_seq=1 ttl=64 time=0.264 ms

Client config:
========

    grep -v ^# /etc/samba/smb.conf
    [global]
        workgroup = BLUE
        password server = raidserver
        security = domain
        idmap config * : range = 16777216-33554431
        template shell = /bin/false
        kerberos method = secrets only
        winbind use default domain = false
        winbind offline logon = true
        username map = /etc/samba/usermap.txt   # This file is empty.
        server string = Samba Server Version %v
        netbios name = TURQUOISE
        # client ntlmv2 auth = yes
        # ntlm auth = no
        interfaces = lo eth1
        local master = no
        os level = 20
        preferred master = no
        wins support = no
        load printers = no
        cups options = raw

    [printers]
        comment = All Printers
        path = /var/spool/samba
        browseable = no
        guest ok = no
        writable = no
        printable = yes

    [build2]
        comment = build2 on Turquoise
        path = /export/build
        browseable = yes
        writeable = yes
        guest ok = yes

    [install]
        comment = install on Turquoise
        path = /mnt/newbuild2/install
        browseable = yes
        writeable = yes
        guest ok = yes

    [squish]
        comment = squish on Turquoise
        path = /mnt/newbuild2/TestArea
        browseable = yes
        writeable = yes
        guest ok = yes

    [build4]
        comment = build4 on Turquoise
        path = /build4
        browseable = yes
        writeable = yes
        guest ok = yes

    [build-H4]
        comment = build4 on Turquoise
        path = /build4
        browseable = yes
        writeable = yes
        guest ok = yes

Config on PDC (raidserver):
================

    # grep -v ^# /etc/samba/smb.conf
    [global]
        workgroup = BLUE
        netbios name = RAIDSERVER
        server string = Samba Server %v
        interfaces = 192.168.254.3, 127.0.0.1
        bind interfaces only = yes
        map to guest = Bad User
        smb passwd file = /etc/samba/private/smbpasswd
        log file = /var/log/samba3/log.%m
        log level = 1
        max log size = 500
        # socket options = IPTOS_LOWDELAY TCP_NODELAY
        socket_options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        # write cache size = 262144
        printcap name = cups
        os level = 64
        # WINS support must be present for domain logins
        wins support = yes
        dns proxy = No
        ldap ssl = no
        domain master = yes
        domain logons = yes
        enable privileges = yes
        security = user
        local master = yes
        preferred master = yes
        #logon path = \\%N\profiles\%U
        logon path
        logon home = \\raidserver\%U
        logon drive = h:
        logon script = logon.bat
        passdb backend = tdbsam
        #null passwords = yes
        time server = yes
        dos filetimes = yes
        max protocol = SMB3
        map untrusted to domain = yes

    [netlogon]
        path = /local/samba/netlogon
        read only = yes
        browseable = no

    [profiles]
        path = /local/samba/profiles
        read only = no
        create mask = 0666
        directory mask = 0700
        browseable = no

    [homes]
        comment = Home Directories
        path = /home/%S
        invalid users = root
        read only = No
        browseable = No
        dos filetime resolution = yes

    [home]
        comment = Home Directories
        path = /home/
        invalid users = root
        read only = No
        browseable = Yes
        dos filetime resolution = yes

    [build2]
        comment = Home Directories
        path = /home/build2
        invalid users = root
        read only = No
        browseable = No
        dos filetime resolution = yes

    [printers]
        comment = All Printers
        path = /var/spool/samba
        create mask = 0700
        guest ok = Yes
        printable = Yes
        browseable = No
        # printer admin = root,simon

    [print$]
        path = /var/lib/samba/printers
        write list = @adm, root
        guest ok = Yes
        read only = yes
        browseable = yes
        # printer admin = root,simon

    [export]
        comment = Export dir
        path = /export
        invalid users = root
        admin users = simon
        read only = No
        dos filetime resolution = yes
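As an added diagnostic (not from either poster), this script separates the two identities the thread is about: it reads the idmap allocation range from the client's smb.conf, classifies the UID of a passwd entry as winbind-allocated or local, and reports whether "user" and "BLUE\user" resolve to the same UID. The smb.conf excerpt and the passwd lines are constructed to mirror the thread; on a real client the getent/wbinfo commands in the trailing comment supply live data.

```shell
#!/bin/sh
# Added diagnostic for the ownership split described in the thread; not from
# the original posts. The sample smb.conf and passwd entries are constructed.

# Print "LOW HIGH" from the "idmap config * : range = LOW-HIGH" line of an
# smb.conf read on stdin (the client above uses 16777216-33554431).
idmap_range() {
    sed -n 's/^[[:space:]]*idmap config \* *: *range *= *\([0-9]*\)-\([0-9]*\).*/\1 \2/p' | head -n 1
}

# Classify the UID in a passwd(5) line: "winbind" when it lies inside the
# allocated idmap range (an auto-assigned mapping, not a local account),
# otherwise "local". $1 = passwd line, $2 = LOW, $3 = HIGH.
uid_class() {
    uid=$(printf '%s\n' "$1" | cut -d: -f3)
    if [ "$uid" -ge "$2" ] && [ "$uid" -le "$3" ]; then echo winbind; else echo local; fi
}

# "same-uid" when two passwd lines share a UID, so files written over SMB as
# one name and over NFS as the other get the same owner; "split" otherwise.
compare_identities() {
    u1=$(printf '%s\n' "$1" | cut -d: -f3)
    u2=$(printf '%s\n' "$2" | cut -d: -f3)
    [ "$u1" = "$u2" ] && echo same-uid || echo split
}

# Constructed sample data: the client's idmap range, a local account "user",
# and the winbind-mapped "BLUE\user" carrying a UID from the allocated range.
SMBCONF='[global]
    workgroup = BLUE
    security = domain
    idmap config * : range = 16777216-33554431'
LOCAL_ENTRY='user:x:1001:1001:user:/home/user:/bin/bash'
DOMAIN_ENTRY='BLUE\user:*:16777216:16777216:user:/home/BLUE/user:/bin/false'

report() {
    set -- $(printf '%s\n' "$SMBCONF" | idmap_range)
    printf 'idmap range : %s-%s\n' "$1" "$2"
    printf 'user        : %s\n' "$(uid_class "$LOCAL_ENTRY" "$1" "$2")"
    printf 'BLUE\\user   : %s\n' "$(uid_class "$DOMAIN_ENTRY" "$1" "$2")"
    printf 'ownership   : %s\n' "$(compare_identities "$LOCAL_ENTRY" "$DOMAIN_ENTRY")"
}
report
# On the real client, feed live data instead of the constructed strings:
#   idmap_range < /etc/samba/smb.conf
#   getent passwd user ; getent passwd 'BLUE\user' ; wbinfo -t   (trust check)
```

A "split" result with the domain name landing in the winbind range is exactly the "<DOMAIN>\user" ownership with a very high UID reported above; until both names resolve to one UID, SMB and NFS writers will not agree on file ownership.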