I have a Windows 200x AD Server and have a Linux box as a client connected to the Windows domain having modified the native Kerberos, smb.conf, and other files (not using Likewise).

It logs in to the domain fine and everything is happy.

There are NO local accounts in /etc/passwd except for the defaults out of the box. Authentication relies on the accounts of the Windows server.

I have no authority on the server except to add or remove computers.

Login accounts take the form, for example, initials and a number: se123456

I want my uid to reflect 123456.

I spent about an hour or two playing with various configurations and options of idmap and winbind. Along the way, some testing revealed:

getent passwd my_ad_account returned almost all appropriate values, but the uid and gid were both 10000, clearly not correct.

wbinfo -n my_ad_account returned my correct sid (I think that was the wbinfo syntax used). In any event, whatever syntax I used for me returned the correct sid.

So we know the system can see me - I just need the uid to be accurate.

As an update, I need the uid to return the numeric portion of my ad_account username, so if I am se123456, I need the uid to return 123456, thus getent passwd would show se123456:x:123456:blah....

Thanks.

Scott

You should read up on the following smb.conf directives:

    idmap uid
    idmap gid
    idmap domains
    idmap config [domain]:backend
    idmap config [domain]:default
    idmap config [domain]:schema_mode
    idmap config [domain]:range

Might be able to solve your problems.

On 12/06/10 22:27, Scott Ehrlich wrote:
> I have a Windows 200x AD Server and have a Linux box as a client
> connected to the Windows domain having modified the native Kerberos,
> smb.conf, and other files (not using Likewise).
>
> It logs in to the domain fine and everything is happy.
>
> There are NO local accounts in /etc/passwd except for the defaults out
> of the box. Authentication relies on the accounts of the Windows
> server.
>
> I have no authority on the server except to add or remove computers.
>
> Login accounts take the form, for example, initials and a number: se123456
>
> I want my uid to reflect 123456.
>
> I spent about an hour or two playing with various configurations and
> options of idmap and winbind. Along the way, some testing revealed:
>
> getent passwd my_ad_account returned almost all appropriate values,
> but the uid and gid were both 10000, clearly not correct.
>
> wbinfo -n my_ad_account returned my correct sid (I think that was the
> wbinfo syntax used). In any event, whatever syntax I used for me
> returned the correct sid.
>
> So we know the system can see me - I just need the uid to be accurate.
>
> As an update, I need the uid to return the numeric portion of my
> ad_account username, so if I am se123456, I need the uid to return
> 123456, thus getent passwd would show se123456:x:123456:blah....
>
> Thanks.
>
> Scott

--
Jas
http://www.github.com/jas-

Hello

2010/12/7 Scott Ehrlich <srehrlich at gmail.com>:
> I have a Windows 200x AD Server and have a Linux box as a client
> connected to the Windows domain having modified the native Kerberos,
> smb.conf, and other files (not using Likewise).
(snip)
> As an update, I need the uid to return the numeric portion of my
> ad_account username, so if I am se123456, I need the uid to return
> 123456, thus getent passwd would show se123456:x:123456:blah....

I think Samba has no way to achieve your goal.

The only way is to set the mapping manually, using idmap_ad (with SFU or SUA), the wbinfo --set-uid-mapping command (with Winbind) or the net idmap restore command.

---
TAKAHASHI Motonobu <monyo at samba.gr.jp>
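
The manual mapping suggested in the last reply can be prepared with a short script. This is an added example, not part of any post in the thread: it derives the uid from the digits of the login name and writes "UID <uid> <SID>" lines, the form that net idmap dump prints and net idmap restore reads. The function names, the MIN_UID floor and the SIDs in the comment are assumptions made for the example.

```shell
#!/bin/sh
# Added example: build manual uid mappings from AD login names.
# Input on stdin: one "<login> <SID>" pair per line, e.g. (constructed values)
#   se123456 S-1-5-21-1111111111-2222222222-3333333333-1105
# The SID is what `wbinfo -n <login>` reports for the account.
# Usage: . ./mkidmap.sh; make_idmap_lines < pairs.txt > idmap.txt

# Assumed floor: never hand out a uid that can collide with root or
# local system accounts (a login such as zz000000 would map to uid 0).
MIN_UID=${MIN_UID:-1000}

# Print the numeric portion of a login (se123456 -> 123456); fail if absent.
uid_from_login() {
    digits=$(printf '%s' "$1" | sed -n 's/^[A-Za-z]\{1,\}\([0-9]\{1,\}\)$/\1/p')
    [ -n "$digits" ] || return 1
    # Strip leading zeros so the value is never read as octal.
    digits=$(printf '%s' "$digits" | sed 's/^0*//')
    printf '%s\n' "${digits:-0}"
}

# Read "<login> <SID>" pairs, write "UID <uid> <SID>" lines.
# Rejected logins are reported on stderr and produce no mapping.
make_idmap_lines() {
    seen=" "
    while read -r login sid; do
        [ -n "$login" ] || continue
        uid=$(uid_from_login "$login") || {
            echo "skip $login: no numeric part" >&2; continue; }
        if [ "$uid" -lt "$MIN_UID" ]; then
            echo "skip $login: uid $uid is below $MIN_UID" >&2; continue
        fi
        # Two logins with the same digits (se123456, ab123456) would share
        # one uid and therefore each other's files; keep only the first.
        case "$seen" in
            *" $uid "*) echo "skip $login: uid $uid already assigned" >&2
                        continue ;;
        esac
        seen="$seen$uid "
        printf 'UID %s %s\n' "$uid" "$sid"
    done
}
```

Review the skipped logins on stderr before loading the result, since every skipped account still needs a uid from some other source.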