Ok, I solved my own problem; here is the config that works:

[global]
log file = /var/log/samba/%m.log
load printers = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins server = 192.168.1.2
template shell = /bin/bash
dns proxy = no
cups options = raw
netbios name = tuvalu
server string = Matisse Storage
workgroup = MATISSE
os level = 20
printcap name = /etc/printcap
security = ads
max log size = 50
password server = MATISSE01
realm = MATISSENETWORKS.COM
winbind cache time = 5
winbind use default domain = yes
winbind trusted domains only = Yes
winbind nested groups = Yes

-----Original Message-----
From: samba-bounces+christian=matissenetworks.com@lists.samba.org
[mailto:samba-bounces+christian=matissenetworks.com@lists.samba.org] On
Behalf Of Christian Lahti
Sent: Friday, November 18, 2005 3:29 PM
To: samba@lists.samba.org
Subject: [Samba] Help! Emergency

Ok, so this is probably a stupid question asked a million times, but I
am a bit stuck. Up till now I have always deployed an OpenLDAP backend
and a Samba domain controller in order to share the same set of data
between Unix and Windows hosts. So jsmith with a UID of 1001 could
read/write files either in Linux or Windows and the same "identity"
would be used. Now I am working for a company that uses Active
Directory. I consolidated Linux to use AD for Unix, so now in AD I have
jsmith and 1001 as the "NIS" UID. Now comes the bad part: on a Linux
filesystem shared by Samba to Windows, when jsmith writes a file to the
Samba share, I expect the owner of the file to be 1001 BUT it is
something like 16777216 instead! I suppose this has to do with the UID
mapping; I just want the UID/GID to keep with the same AD stuff.

Please, please, please tell me how I should set up Samba to use the
assigned UID to the AD name. I thought by joining the AD domain Samba
would pick this up. I am suspecting I have to use LDAP access to AD to
get the UID/GID info, but the attribute names are not standard POSIX
stuff. I am sure there is an easy solution for this; the whole idea of
using AD for both Windows and Unix was to eliminate administration and
get closer to single sign-on.

[global]
log file = /var/log/samba/%m.log
load printers = yes
idmap gid = 16777216-33554431
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins server = 192.168.1.2
winbind use default domain = no
template shell = /bin/bash
dns proxy = no
cups options = raw
netbios name = tuvalu
server string = Matisse Storage
idmap uid = 16777216-33554431
workgroup = MATISSE
os level = 20
printcap name = /etc/printcap
security = ads
max log size = 50
password server = MATISSE01
realm = MATISSENETWORKS.COM

/Christian Lahti
christian@matissenetworks.com
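
Added example, not part of either message and not Samba project code: a small Python check that compares the identity-mapping parameters of the two [global] sections above and lists files whose numeric owner falls inside the first config's "idmap uid" range, the kind of owner (16777216) the original message reports. The function names and the paths in SAMPLE_OWNERS are assumptions made up for the example.

```python
import re

# Identity-mapping lines of the thread's two [global] sections; the rest is identical.
BEFORE = """[global]
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind use default domain = no
"""
AFTER = """[global]
winbind cache time = 5
winbind use default domain = yes
winbind trusted domains only = Yes
winbind nested groups = Yes
"""
# Constructed sample: (path, numeric owner) pairs as os.stat() would report them.
SAMPLE_OWNERS = [("/srv/share/a.doc", 16777216), ("/srv/share/b.doc", 1001)]

def parse_global(text):
    """Return the [global] parameters of an smb.conf text as a dict."""
    params, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Samba ignores case and spaces inside parameter names.
            params["".join(key.lower().split())] = value.strip()
    return params

def mapping_diff(before, after):
    """Return {param: (old, new)} for idmap/winbind parameters that differ."""
    keys = sorted(before.keys() | after.keys())
    return {k: (before.get(k), after.get(k)) for k in keys
            if k.startswith(("idmap", "winbind")) and before.get(k) != after.get(k)}

def winbind_allocated(params, owners):
    """List paths whose owner UID lies inside the config's 'idmap uid' range."""
    value = params.get("idmapuid")
    if value is None:
        return []
    low, high = (int(part) for part in value.split("-"))
    return [path for path, uid in owners if low <= uid <= high]

if __name__ == "__main__":
    old, new = parse_global(BEFORE), parse_global(AFTER)
    print(mapping_diff(old, new), winbind_allocated(old, SAMPLE_OWNERS))
```

Files written while the first config was active keep their numeric owner on disk, so a listing like this shows which ones still need their ownership reviewed after the switch.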