Scott Ehrlich
2010-Dec-17 14:08 UTC
[CentOS] Samba, id, uid, Active Directory and CentOS 5
I have some CentOS 5 systems that are part of an Active Directory Windows 2003 domain (using natively configured files - not likewise open). getent passwd my_account reveals uid and gid are both 10000:10000. Thus, typing: % id reveals a uid of 10000. /etc/passwd does NOT have my local account created - credentials are strictly from the Active Directory domain. The username is of the format se123456. I want my uid to be of the format 123456 (numeric part of the username. I have looked at many options for smb.conf configurations. At this point, I'm starting to believe that if getent passwd provides 10000:10000 fior uid/gid then id is providing the correct details. My SID from the domain controller is correct when queried from CentOS. usermod will not work to change the id since there is no entry in /etc/passwd. Might a shell script of some kind help convert my uid from 10000 to 123456? It should not be static calculation, since anyone logging in to that system should have their id equal the numeric portion of their username, and the numeric part may be a smaller value than 10000. The numeric part of the username matches no part of the SID from Windows. Thanks. Scott
I have some CentOS 5 systems that are part of an Active Directory Windows 2003 domain (using natively configured files - not likewise open). getent passwd my_account reveals uid and gid are both 10000:10000. Thus, typing: % id reveals a uid of 10000. /etc/passwd does NOT have my local account created - credentials are strictly from the Active Directory domain. The username is of the format se123456. I want my uid to be of the format 123456 (numeric part of the username. I have looked at many options for smb.conf configurations. At this point, I'm starting to believe that if getent passwd provides 10000:10000 fior uid/gid then id is providing the correct details. My SID from the domain controller is correct when queried from CentOS. usermod will not work to change the id since there is no entry in /etc/passwd. Might a shell script of some kind help convert my uid from 10000 to 123456? ? It should not be static calculation, since anyone logging in to that system should have their id equal the numeric portion of their username, and the numeric part may be a smaller value than 10000. The numeric part of the username matches no part of the SID from Windows. Thanks. Scott
TAKAHASHI Motonobu
2010-Dec-17 15:41 UTC
[Samba] Samba, id, uid, Active Directory and CentOS 5
2010/12/17 Scott Ehrlich <srehrlich at gmail.com>:> I have some CentOS 5 systems that are part of an Active Directory > Windows 2003 domain (using natively configured files - not likewise > open).> Might a shell script of some kind help convert my uid from 10000 to > 123456? ? It should not be static calculation, since anyone logging in > to that system should have their id equal the numeric portion of their > username, and the numeric part may be a smaller value than 10000. > > The numeric part of the username matches no part of the SID from Windows.As I mentioned before, using wbinfo --set-uid-mapping command (with Winbind) or net idmap restore command, you will (re)assign an uid to a Windows user manually. --- TAKAHASHI Motonobu <monyo at samba.gr.jp>
James Pearson
2010-Dec-17 16:02 UTC
[CentOS] Samba, id, uid, Active Directory and CentOS 5
Scott Ehrlich wrote:> I have some CentOS 5 systems that are part of an Active Directory > Windows 2003 domain (using natively configured files - not likewise > open). > > getent passwd my_account reveals uid and gid are both 10000:10000. > > Thus, typing: % id > > reveals a uid of 10000. > > /etc/passwd does NOT have my local account created - credentials are > strictly from the Active Directory domain. > > The username is of the format se123456. > > I want my uid to be of the format 123456 (numeric part of the username. > > I have looked at many options for smb.conf configurations. > > At this point, I'm starting to believe that if getent passwd provides > 10000:10000 fior uid/gid then id is providing the correct details. > My SID from the domain controller is correct when queried from CentOS. > > usermod will not work to change the id since there is no entry in /etc/passwd. > > Might a shell script of some kind help convert my uid from 10000 to > 123456? It should not be static calculation, since anyone logging in > to that system should have their id equal the numeric portion of their > username, and the numeric part may be a smaller value than 10000. > > The numeric part of the username matches no part of the SID from Windows.Have a look at the bit about the rfc2307 schema at: <http://wiki.samba.org/index.php/Samba_&_Active_Directory#Advanced_Configuration> If you are running Windows 2003 R2 with the optional IDMU (Identity Management for Unix), then you can store Unix UID/GID (and other standard passwd fields) in Active Directory for each user - and use these via winbind James Pearson