Hello,

I have a samba server (3.0.21c) that gets its UNIX user info from nss_ldap. It acts as an ADS member server (the UNIX usernames match the ones in the Windows domain).

Simple usage works fine: if I log in on a Win client as DOMAIN\user then I can map a drive on \\samba\user and read/write and so on. However if I look up the security properties of a file in \\samba\user, the owner shows up as local to the samba server, i.e. \\samba\user as opposed to DOMAIN\user.

My hunch is that when a Win client is asking about ownership (or security) details, it does so in terms of SIDs, not usernames. And that Samba returns an SID which is arbitrary w.r.t. the domain SIDs. How can I fix that? Or have I missed something obvious?

Thanks
Nikos

This email has been independently scanned for viruses and any virus software has been removed using McAfee anti-virus software

Hi,

On Fri, 2006-03-17 at 09:25 -0600, Gerald (Jerry) Carter wrote:
> > I have a samba server (3.0.21c) that gets its UNIX user
> > info from nss_ldap. It acts as an ADS member server (the
> > UNIX usernames match the ones in the Windows domain).
> >
> > Simple usage works fine: if I log in on a Win client as
> > DOMAIN\user then I can map a drive on \\samba\user and read/write
> > and so on. However if I look up the security properties of a
> > file in \\samba\user, the owner shows up as local to the samba
> > server, i.e. \\samba\user as opposed to DOMAIN\user.
> >
> > My hunch is that when a Win client is asking about
> > ownership (or security) details, it does so in terms of
> > SIDs, not usernames. And that Samba returns an SID which is
> > arbitrary w.r.t the domain SIDs. How can I fix that? Or
> > have I missed something obvious?
>
> Your hunch is correct. Run winbindd but do not set the
> 'idmap {uid,gid}' parameters and you should be fine.

Thanks for your response. I am already running winbindd without idmaps or an ldap backend. Or is the ldap backend compulsory?

Thanks
Nikos

Nikos Gkorogiannis wrote:
> Hello,
>
> I have a samba server (3.0.21c) that gets its UNIX user
> info from nss_ldap. It acts as an ADS member server (the
> UNIX usernames match the ones in the Windows domain).
>
> Simple usage works fine: if I log in on a Win client as
> DOMAIN\user then I can map a drive on \\samba\user and read/write
> and so on. However if I look up the security properties of a
> file in \\samba\user, the owner shows up as local to the samba
> server, i.e. \\samba\user as opposed to DOMAIN\user.
>
> My hunch is that when a Win client is asking about
> ownership (or security) details, it does so in terms of
> SIDs, not usernames. And that Samba returns an SID which is
> arbitrary w.r.t the domain SIDs. How can I fix that? Or
> have I missed something obvious?

Your hunch is correct. Run winbindd but do not set the 'idmap {uid,gid}' parameters and you should be fine.

cheers, jerry

I live in a Reply-to-All world.
Samba    ------- http://www.samba.org
Centeris ------- http://www.centeris.com
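
Added example, not part of the thread and not Samba code: the symptom above can be checked by decoding the owner SID from a file's security descriptor and comparing everything before its final RID with the domain SID and with the server's own SID. The SID values and the function names (`sid_to_str`, `str_to_sid`, `classify_owner`) are constructed for illustration.

```python
import struct

# Constructed sample values (not from the thread): the Windows domain's SID
# and the Samba server's own machine SID.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
LOCAL_SID = "S-1-5-21-4000000001-4000000002-4000000003"

def sid_to_str(raw: bytes) -> str:
    """Decode a binary SID as carried in an NT security descriptor."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its fixed 8-byte header")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")       # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])     # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])

def str_to_sid(text: str) -> bytes:
    """Encode the S-R-A-S1-S2-... string form back into wire bytes."""
    parts = text.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError("not a SID string: %r" % text)
    subs = [int(p) for p in parts[3:]]
    head = bytes([int(parts[1]), len(subs)]) + int(parts[2]).to_bytes(6, "big")
    return head + struct.pack("<%dI" % len(subs), *subs)

def classify_owner(raw_owner: bytes, domain_sid=DOMAIN_SID, local_sid=LOCAL_SID):
    """Return (origin, rid): which authority issued the owner SID."""
    prefix, _, rid = sid_to_str(raw_owner).rpartition("-")
    if prefix == domain_sid:
        return ("domain", int(rid))   # resolves as DOMAIN\user on the client
    if prefix == local_sid:
        return ("local", int(rid))    # resolves as \\samba\user, as reported
    return ("other", int(rid))        # e.g. a well-known or BUILTIN SID

if __name__ == "__main__":
    for owner in (LOCAL_SID + "-3002", DOMAIN_SID + "-1105"):
        print(owner, "->", classify_owner(str_to_sid(owner)))
```

On a live server the two prefixes to compare against can be read with `net getlocalsid` and `wbinfo -n 'DOMAIN\user'`.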