samba - Aug 2006 - How to map a user to a specific uid?

I have aix with 3.0.21c samba with the following smb.conf:
 
[global]
        workgroup = MYDOMAIN
        realm = MYDOMAIN.COM
        server string = User management Server
        security = ADS
        password server = ad.mydomain.com
        idmap backend = rid:MYDOMAIN=100000-200000
        allow trusted domains = No
        log level = 0
        log file = /usr/local/samba/var/log.%m
        max log size = 50
        name resolve order = hosts wins lmhosts bcast
        socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
        preferred master = No
        local master = No
        dns proxy = No
        wins server = wins01, wins02
        ldap ssl = no
        idmap uid = 100000-200000
        idmap gid = 100000-200000
        template shell = /bin/ksh
        template homedir = /home/%D/%U
        winbind separator = +
        winbind nested groups = Yes
        winbind use default domain = Yes
        aio read size = 1
        aio write size = 1
        nt acl support = Yes
 
I need to nfs share the samba home directory of a user on the samba
server over to another server, but the uid it is giving is for example
100000 instead of the standard uid for the user on all the other
servers.  How can I make samba use whatever uid I want for the user
(i.e., the uid the user is known as on other servers)?  Is there a map
type command or file I can use?  
 
David

 
David Shapiro
Distributed Systems
Unix Team Lead
office: 919-765-2011
cellphone: 730-0538

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Shapiro wrote:
> I need to nfs share the samba home directory of a 
> user on the samba server over to another server,
> but the uid it is giving is for example
> 100000 instead of the standard uid for the user on all 
> the other servers.  How can I make samba use
> whatever uid I want for the user (i.e., the uid the user
> is known as on other servers)?  Is there a map
> type command or file I can use?  
See 'username map' in smb.conf(5).





cheers, jerry
====================================================================Samba       
------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE6xTRIR7qMdg1EfYRAjJcAKDdecx052G1PYWpJAlQGqvvFLB4QwCg1CNW
v8O6qKu0HbK9wSWCZGhq5dU=n1GS
-----END PGP SIGNATURE-----

What do you put in the file to map an ad user to a unix user?  If I have
an ad user MYDOMAIN+joe, do I put in user.map file:
 
joe MYDOMAIN+joe
 
 
 
David Shapiro
Distributed Systems
Unix Team Lead
office: 919-765-2011
cellphone: 730-0538
>>> "Gerald (Jerry) Carter" <jerry@samba.org> 8/22/2006
10:29:37 AM
>>>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Shapiro wrote:
> I need to nfs share the samba home directory of a 
> user on the samba server over to another server,
> but the uid it is giving is for example
> 100000 instead of the standard uid for the user on all 
> the other servers.  How can I make samba use
> whatever uid I want for the user (i.e., the uid the user
> is known as on other servers)?  Is there a map
> type command or file I can use?  
See 'username map' in smb.conf(5).





cheers, jerry
====================================================================Samba       
------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE6xTRIR7qMdg1EfYRAjJcAKDdecx052G1PYWpJAlQGqvvFLB4QwCg1CNW
v8O6qKu0HbK9wSWCZGhq5dU=n1GS
-----END PGP SIGNATURE-----

I noticed that even after I added a username map /usr/local/samba/lib/users.map
to smb.conf
 
...added to users.map:
 
joe MYDOMAIN+joe
 
The MYDOMAIN+joe home directory still shows the rid uid of 100000
instead of the the unix user joe's uid of 785755.  What am I doing
wrong?
 
David
 
 
David Shapiro
Distributed Systems
Unix Team Lead
office: 919-765-2011
cellphone: 730-0538
>>> "Gerald (Jerry) Carter" <jerry@samba.org> 8/22/2006
10:29:37 AM
>>>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Shapiro wrote:
> I need to nfs share the samba home directory of a 
> user on the samba server over to another server,
> but the uid it is giving is for example
> 100000 instead of the standard uid for the user on all 
> the other servers.  How can I make samba use
> whatever uid I want for the user (i.e., the uid the user
> is known as on other servers)?  Is there a map
> type command or file I can use?  
See 'username map' in smb.conf(5).





cheers, jerry
====================================================================Samba       
------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE6xTRIR7qMdg1EfYRAjJcAKDdecx052G1PYWpJAlQGqvvFLB4QwCg1CNW
v8O6qKu0HbK9wSWCZGhq5dU=n1GS
-----END PGP SIGNATURE-----

I am using:
 
workgroup = BCBSNC
        realm = BCBSNC.COM
        server string = User management Server
        security = ADS
        password server = ad.bcbsnc.com
        idmap backend = rid:BCBSNC=100000-200000
        allow trusted domains = No
        log level = 0
        log file = /usr/local/samba/var/log.%m
        max log size = 50
        name resolve order = hosts wins lmhosts bcast
        socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
        preferred master = No
        local master = No
        dns proxy = No
        wins server = svcmc02, svcmc03
        ldap ssl = no
        idmap uid = 100000-200000
        idmap gid = 100000-200000
        template shell = /bin/ksh
        template homedir = /home/%D/%U
        winbind separator = +
        winbind nested groups = Yes
        winbind use default domain = Yes
        aio read size = 1
        aio write size = 1
        nt acl support = Yes
        username map = /usr/local/samba/lib/users.map

[homes]
        root preexec = /usr/local/samba/bin/mkhome.sh %D %U
        path = /home/%D/%U
        valid users = %D+%U
        read only = No
        browseable = No

If is do an ls -la of the /home/MYDOMAIN, I see
 
drwxr-x---   3 joe users           256 Feb 24 13:04 joe
 
But nfs mount joe on the remote system appears as uid of 100000 instead
of the uid 785757 (joe's unix uid)
 
 
In that, it is using the rid id not the unix user's uid.
 
David
 
 
 
David Shapiro
Distributed Systems
Unix Team Lead
office: 919-765-2011
cellphone: 730-0538
>>> "Gerald (Jerry) Carter" <jerry@samba.org> 8/22/2006
2:14:45 PM >>>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Shapiro wrote:
> What do you put in the file to map an ad user to a unix 
> user?  If I have an ad user MYDOMAIN+joe, do I put
> in user.map file:
>  
joe  = MYDOMAIN+joe

If you are not runnign winbindd and using 'security = ads',
you need

    joe = MYDOMAIN+joe MYDOMAIN.REA.LM+joe

to cover cases where the user may login via NTLM or Krb5.




cheers, jerry
====================================================================Samba       
------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE60mVIR7qMdg1EfYRAo82AKCAGeUBULiAr/MhTOrMIWp8w/3h6ACgu9Ck
4kGtYfCUk1TwNTvWYaGd6FY=DGxs
-----END PGP SIGNATURE-----

I would like to see:
 
username map option allow you to specify a uid number so that a rid
number is not used.  
 
joe = 785755
 
David
 
 
 
David Shapiro
Distributed Systems
Unix Team Lead
office: 919-765-2011
cellphone: 730-0538
>>> "Gerald (Jerry) Carter" <jerry@samba.org> 8/22/2006
2:14:45 PM >>>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Shapiro wrote:
> What do you put in the file to map an ad user to a unix 
> user?  If I have an ad user MYDOMAIN+joe, do I put
> in user.map file:
>  
joe  = MYDOMAIN+joe

If you are not runnign winbindd and using 'security = ads',
you need

    joe = MYDOMAIN+joe MYDOMAIN.REA.LM+joe

to cover cases where the user may login via NTLM or Krb5.




cheers, jerry
====================================================================Samba       
------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE60mVIR7qMdg1EfYRAo82AKCAGeUBULiAr/MhTOrMIWp8w/3h6ACgu9Ck
4kGtYfCUk1TwNTvWYaGd6FY=DGxs
-----END PGP SIGNATURE-----
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba