For the groups and users, it is necessary to configure UNIX Attributes
on the AD side and edit /etc/nsswitch.conf:
passwd: files winbind
shadow: files winbind
group: files winbind
After that, edit the Samba config to:
SERVER DC:
[global]
netbios name = SRV-DC02
realm = EXAMPLE.RU
workgroup = EXAMPLE
server role = active directory domain controller
log level = 2 auth_json_audit:3
SHARE:
[global]
netbios name = SRV-SHARE
workgroup = EXAMPLE
realm = EXAMPLE.RU
server string = %h rsync host
security = ads
14.06.2018 20:28, Rowland Penny via samba wrote:
> On Thu, 14 Jun 2018 18:02:29 +0500
> Шигапов Денис Вильданович via samba <samba at lists.samba.org> wrote:
>
>> Hi,
>> How to make the user id on the domain controller and the file server
>> the same
>>
>> SERVER DC:
>> [global]
>> netbios name = SRV-DC02
>> realm = EXAMPLE.RU
>> workgroup = EXAMPLE
>> server role = active directory domain controller
>> log level = 2 auth_json_audit:3
>> username map = /etc/samba/username_map
>> vfs objects = acl_xattr
>> store dos attributes = Yes
>>
>> [root@srv-dc02 ~]# id vas.lah@example.ru
>> uid=3000416(EXAMPLE\vas.lah) gid=100(users)
>> группы=100(users),3000416(EXAMPLE\vas.lah),3000051(EXAMPLE\domain
>> admins),3000054(EXAMPLE\группа с запрещением репликации паролей
>> rodc),3000055(EXAMPLE\администраторы wsus),3000056(EXAMPLE\wsus
>> administrators),3000035(EXAMPLE\1c_links_ут),3000001(BUILTIN\users),3000000(BUILTIN\administrators),3000057(BUILTIN\performance
>> log users),3000043(BUILTIN\performance monitor users)
>>
>>
>>
>> SHARE:
>> [global]
>> netbios name = SRV-SHARE
>> workgroup = EXAMPLE
>> realm = EXAMPLE.RU
>> server string = %h rsync host
>> # server role = member server
>> security = ads
>>
>> [root@srv-share samba]# id vas.lah@example.ru
>> uid=3188138(EXAMPLE.RU\vas.lah) gid=3000513(domain users)
>> группы=3000513(domain users),3188138(EXAMPLE.RU\vas.lah),3109633(wsus
>> administrators),3034556(1c_links_ут),3111123(администраторы
>> wsus),3100572(группа с запрещением репликации паролей
>> rodc),3100512(domain admins),3153446(администратор 4
>> категории),3000001(BUILTIN\users),3000000(BUILTIN\administrators)
> The first thing to do, remove these lines from the Samba AD DC:
>
> username map = /etc/samba/username_map
> vfs objects = acl_xattr
> store dos attributes = Yes
>
> They have no place in a Samba AD DC smb.conf.
>
> There is only one way to have the same ID's everywhere on Unix and that
> is to use the winbind 'ad' backend. This entails giving your users &
> groups uidNumber & gidNumber attributes, then run 'net cache flush' on
> the DC, most ID's will change.
>
> You then need to set up the smb.conf correctly on the Unix domain
> member (yours is correct as far as it goes, it just doesn't go far
> enough).
>
> Can I suggest you read this:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
> Anything you don't understand, or have questions about, please ask.
>
> Rowland
>
>
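
A way to check whether the DC and the domain member agree on numeric IDs, as an added example that is not part of the original messages: the script parses `id` output from both hosts and lists every principal whose ID differs. The sample strings are abridged from the output quoted in the thread; the function names and the name-normalisation rule (drop the domain prefix, keep BUILTIN) are assumptions.

```python
import re

# Constructed sample input: `id` output for one user on the DC and on the
# domain member, abridged from the output quoted in the thread above.
DC_ID = (r"uid=3000416(EXAMPLE\vas.lah) gid=100(users) "
         r"группы=100(users),3000416(EXAMPLE\vas.lah),"
         r"3000051(EXAMPLE\domain admins),3000001(BUILTIN\users)")
MEMBER_ID = (r"uid=3188138(EXAMPLE.RU\vas.lah) gid=3000513(domain users) "
             r"группы=3000513(domain users),3188138(EXAMPLE.RU\vas.lah),"
             r"3100512(domain admins),3000001(BUILTIN\users)")

# One "<number>(<name>)" entry; names may contain spaces and backslashes.
# The localized "groups=" label is ignored because only entries are matched.
ENTRY = re.compile(r"(\d+)\(([^)]*)\)")


def normalize(name):
    """Assumed rule: drop the domain prefix, keep BUILTIN, lower-case."""
    prefix, _, bare = name.rpartition("\\")
    if prefix.upper() == "BUILTIN":
        return "builtin\\" + bare.lower()
    return bare.lower()


def parse_id(line):
    """Map (kind, name) -> numeric ID; first entry is the uid, the rest are groups."""
    mapping = {}
    for pos, (num, name) in enumerate(ENTRY.findall(line)):
        kind = "user" if pos == 0 else "group"
        mapping[(kind, normalize(name))] = int(num)
    return mapping


def mismatches(dc, member):
    """Principals resolved on both hosts whose numeric IDs differ."""
    return sorted((kind, name, dc[(kind, name)], member[(kind, name)])
                  for kind, name in dc.keys() & member.keys()
                  if dc[(kind, name)] != member[(kind, name)])


if __name__ == "__main__":
    for kind, name, dc_id, member_id in mismatches(parse_id(DC_ID),
                                                   parse_id(MEMBER_ID)):
        print(f"{kind:5} {name:15} DC={dc_id} member={member_id}")
```

With the thread's values, the domain user and domain groups are reported as mismatched while BUILTIN\users (3000001 on both hosts) is not; an empty result is the goal of the 'ad' backend setup described in the reply.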