Greeting-

I had to take a break from mucking with samba because some other things
came up.

Let me recap the situation:

. I have an existing network of various unix boxes that use NIS and NFS
at the moment.

. I have to drop some windows boxes into the network.

. For policy reasons certain staff are in the local password file on
each server, everyone else is in NIS.

. UIDs are in sync across the network using NIS and of
course /etc/passwd is kept in sync for the "local accounts"

. Existing users need to have their CURRENT UID when they authenticate
using SAMBA and attach shares using smb.

. I just created user wynkoop using pdbedit on a brand new install of
4.1.17 and when I attach using smbclient and upload a file the owner
is 30001, which is not my UID. pdbedit -L shows my username followed
by my correct UID.

There must be a simple solution, but so far it escapes me. I may drop
back to samba 3.x or 2.x where I know how to make sure I get the UID I
want, but the goal is in the end to shut down NIS and use just the LDAP
and Kerberos provided by samba. I know I can do find and chown stuff,
but really that is not the best solution.

So.........help, and yes I have been RTFMing with no luck.

I would also love to know how to re-use a previously autoassigned UID in
samba. There are use cases for removing a user and creating a new user
with a previously assigned UID.

Thanks.

-Brett

--
wynkoop at wynn.com http://prd4.wynn.com/wynkoop/pgp-keys.txt
917-642-6925
929-272-0000

Amendment III

No soldier shall, in time of peace be quartered in any house, without
the consent of the owner, nor in time of war, but in a manner to be
prescribed by law.

On 25/02/15 09:06, Brett Wynkoop wrote:
> Greeting-
>
> I had to take a break from mucking with samba because some other things
> came up.
>
> Let me recap the situation:
>
> . I have an existing network of various unix boxes that use NIS and NFS
> at the moment.
>
> . I have to drop some windows boxes into the network.
>
> . For policy reasons certain staff are in the local password file on
> each server, everyone else is in NIS.
>
> . UIDs are in sync across the network using NIS and of
> course /etc/passwd is kept in sync for the "local accounts"
>
> . Existing users need to have their CURRENT UID when they authenticate
> using SAMBA and attach shares using smb.
>
> . I just created user wynkoop using pdbedit on a brand new install of
> 4.1.17 and when I attach using smbclient and upload a file the owner
> is 30001, which is not my UID. pdbedit -L shows my username followed
> by my correct UID.
>
> There must be a simple solution, but so far it escapes me. I may drop
> back to samba 3.x or 2.x where I know how to make sure I get the UID I
> want, but the goal is in the end to shut down NIS and use just the LDAP
> and Kerberos provided by samba. I know I can do find and chown stuff,
> but really that is not the best solution.
>
> So.........help, and yes I have been RTFMing with no luck.
>
> I would also love to know how to re-use a previously autoassigned UID in
> samba. There are use cases for removing a user and creating a new user
> with a previously assigned UID.
>
> Thanks.
>
> -Brett
>

OK, going to need more info here, can you post the smb.conf you have
tried so far? You mention that you want to use the LDAP and Kerberos
provided by samba, this will mean that you will need to run samba4 as
an AD DC, yet you refer to creating users with pdbedit?

Let's find out how you have been trying to use samba4 and go from there.
I wouldn't go back to using samba2, and samba3 may go EOL next week.

Rowland

On Wed, 25 Feb 2015 10:18:04 +0000 Rowland Penny <rowlandpenny at googlemail.com> wrote:
> >
> OK, going to need more info here, can you post the smb.conf you have
> tried so far. You mention that you want to use the LDAP and Kerberos
> provided by samba, this will mean that you will need to run samba4 as
> an AD DC, yet you refer to creating users with pdbedit?
>

If there is another way to create users I have not discovered it yet.
At the moment I do not have the windows boxes in house yet, so I have no
native MS-Windows tools.

The following smb4.conf is hand tweaked from a sample I found on the
net. The one generated by samba-tool would not even allow a connection
to be made using smbclient.

------------------cut here-------------------------------------------
# Global parameters
[global]
    workgroup = WYNN
    auth methods = pam sam winbind
    kerberos method = secrets and keytab
    local master = yes
    netbios name = PRD2
    log level = 4
#   dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, winreg, srvsvc
    dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, winreg, srvsvc
    realm = WYNN.COM
    os level = 20
    username map = /var/db/samba4/private/users.map
    client max protocol = SMB3
#   server min protocol = SMB3
    hide dot files = no
    winbind trusted domains only = yes
#   server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns, smb
    server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, smb
    winbind use default domain = yes
    dns forwarder = 199.89.147.3
    domain logons = yes
    smb encrypt = yes
    security = user
    encrypt passwords = yes
    preferred master = yes
#   idmap_ldb:use rfc2307 = yes
    wins support = true
    server role = active directory domain controller
# kerberos stuff
#
#   security = ADS
#   password server = prd2.wynn.com

[netlogon]
    path = /var/db/samba4/sysvol/wynn.com/scripts
    read only = No

[sysvol]
    path = /var/db/samba4/sysvol
    read only = No

[archive]
    writeable = yes
    browseable = yes
    valid users = wynkoop
    write list = wynkoop, @wheel
    user = wynkoop
    path = /archive
    force user = wynkoop
    comment = /archive
#   revalidate = yes
#   vfs objects = zfsacl
#   nfs4:mode = special
#   nfs4:chown = yes
#   zfsacl:acesort = dontcare
--------------------cut here-----------------

Oddball word wraps are the fault of my mail client.

So I hope someone can show me my error. This samba was built last night
on FreeBSD 10.1 from ports and is version 4.1.17.

-Brett

--
wynkoop at wynn.com http://prd4.wynn.com/wynkoop/pgp-keys.txt
917-642-6925

The Second Amendment extends, prima facie, to all instruments that
constitute bearable arms, even those that were not in existence at the
time of the founding.
~ Justice Scalia