Andrew Chaplin
2009-Jan-28 20:17 UTC
[Samba] username map Solaris 10 11/08 using Sun DS 5.x ldap for authentication
Here's the configuration:

OS: Solaris 10 11/08
OS Authentication: Sun Directory Server 5.x
Samba: v3.0.32 included with Solaris 10 11/08
Samba auth: Windows 2003R2 AD

Using a Windows XP client authenticated against AD mounting of home directories works fine and I'm able to perform create/modify/delete ops on files/directories in the home directory and files/directories which are created have the proper uid/gid associated with the user.

If I try to modify the permissions for a file/directory from XP, samba complains about not being able to map a SID to a uid/gid.

Windows 2003R2 AD has the RFC2307 schema preloaded. If I populate user accounts with their respective uid/gid, will that resolve the mapping error? Am I going to run into problems with winbind?

Are there other options?

Note that it is essential that LDAP and AD maintain consistent uid/gid per user/group.
Andrew Chaplin
2009-Feb-03 18:18 UTC
[Samba] username map Solaris 10 11/08 using Sun DS 5.x ldap for authentication
This has been resolved using idmap backend = nss. Thanks to Glenn Machin for pointing me in the right direction. We don't require username mapping as the accounts are the same in AD and DS.

Andrew Chaplin wrote:
> Here's the configuration:
> OS: Solaris 10 11/08
> OS Authentication: Sun Directory Server 5.x
> Samba: v3.0.32 included with Solaris 10 11/08
> Samba auth: Windows 2003R2 AD
>
> Using a Windows XP client authenticated against AD mounting of home
> directories works fine and I'm able to perform create/modify/delete ops
> on files/directories in the home directory and files/directories which
> are created have the proper uid/gid associated with the user.
>
> If I try to modify the permissions for a file/directory from XP, samba
> complains about not being able to map a SID to a uid/gid.
>
> Windows 2003R2 AD has the RFC2307 schema preloaded. If I populate user
> accounts with their respective uid/gid, will that resolve the mapping
> error? Am I going to run into problems with winbind?
>
> Are there other options?
>
> Note that it is essential that LDAP and AD maintain consistent uid/gid
> per user/group.