Mark London
2022-Apr-20 01:17 UTC
[Samba] How to use Samba on Ubuntu. whose files are mapped to the Active Windows LDAP domain UIDs, not Active Windows UIDs .
Hi - We have a Windows/Linux environment.?? The Linux computers use the Active Domain LDAP server. I'm running a Linux web server. ? I want to create a Sambamount point on it, to allow Windows users to modify files in certain website folders. The problem is that Samba only uses Winbind for authentication. But because our LDAP UIDs are different than the Windows UIDs for users, this is a major problem. If I switch the Linux server to using Winbind, by putting it in nsswtich.conf, this will break the Linux server's file's ownership. This used to work properly on an much older version of Samba, which didn't have to use Winbind to authenticate. I presently can only find one solution in our environment.? We do have a Netapp disk server that is serving folders using NFS to our Linux users, and using Samba for our Windows users.? That box can handle the different UID mappings.?? I sure wish a linux server had the same functionality.?? Thanks. - Mark
Rowland Penny
2022-Apr-20 10:06 UTC
[Samba] How to use Samba on Ubuntu. whose files are mapped to the Active Windows LDAP domain UIDs, not Active Windows UIDs .
On Tue, 2022-04-19 at 21:17 -0400, Mark London via samba wrote:> Hi - We have a Windows/Linux environment. The Linux computers use > the > Active Domain LDAP server. > > I'm running a Linux web server. I want to create a Sambamount point > on > it, to allow Windows users to modify files in certain website > folders. > The problem is that Samba only uses Winbind for authentication. > > But because our LDAP UIDs are different than the Windows UIDs for > users,Your 'LDAP UIDs' will always be different to the 'Windows UIDs', this is because Windows uses the RID and Samba uses either something mapped to the RID or uidNumber/gidNumber attributes.> this is a major problem. If I switch the Linux server to using > Winbind, > by putting it in nsswtich.conf, this will break the Linux server's > file's ownership.It sounds like you may be running Samba as a standalone server and if you are, then your Samba IDs will never match the Windows RIDs.> > This used to work properly on an much older version of Samba, which > didn't have to use Winbind to authenticate.It sounds like you may have upgraded Samba and fallen into the 'SMBv1 is now turned off' hole. What version of Samba were you running and what version are you now running ? It will also probably help if you post your smb.conf Rowland