samba - Feb 2009 - Map sids to Unix UID and GID

I have a samba server running on a Linux RHEL5 system.   The system uses 
nss_ldap and gets passwd and group information from a non-windows ldap 
server.   The smb.conf file is using security=ads and spnego in order to 
user Kerberos tickets rather than ntlmv2.

I have done a net ads join, and the authentication is working fine, 
however when I try to set an ACL on a file from a windows client using 
an group defined in Active Directory I get messages talking about not 
being able to map the SID to a uid.

I don't want to use winbind for authentication.

So how to you map SID to uid and SID to gid?


Thanks for any help you can provide.


Glenn

On Mon, Feb 2, 2009 at 6:31 PM, Glenn Machin <gmachin@sandia.gov>
wrote:
>
> I have a samba server running on a Linux RHEL5 system.   The system uses
> nss_ldap and gets passwd and group information from a non-windows ldap
> server.   The smb.conf file is using security=ads and spnego in order to
> user Kerberos tickets rather than ntlmv2.
>
> I have done a net ads join, and the authentication is working fine, however
> when I try to set an ACL on a file from a windows client using an group
> defined in Active Directory I get messages talking about not being able to
> map the SID to a uid.
>
> I don't want to use winbind for authentication.
>
> So how to you map SID to uid and SID to gid?
>
>
Do you have idmap configured?

John