Currently my Unix and Windows UID's don't match, nowhere close to it. I use
AD for the Windows side of the house from a Win2K8 Server and I still use
NIS for the Unix/Linux side of the house. I don't do single sign-on yet, so
everyone in the building has a Windows account and a Unix account with two
different UID's, but the same username.
Now, I'm at a point where I need to share a filesystem from a Samba server
to Windows, but it also needs to be accessible via NFS to the Unix users at
the same time.
What is the best way to do this and get some cohesion between the UID's???
I was thinking I could extend AD with the Unix stuff but then stopped and
realized I'd be better off asking the world than guessing, in a production
environment.
Thanks!
-b
Unix uid's are different than Windows SID's - so they will never be
identical. Samba has idmapping functionality to map unix id's (e.g.
123) to samba sid's (e.g.
S-1-5-xx-aaaaaaaaaaaaa-bbbbbbbbbbb-cccccccccc-1123).
Since you already have active directory in place you probably want to do
the following:
- configure samba as a member server of the windows AD domain
- configure unix authentication to use the samba server in place of
NIS (e.g. when you log in to unix, /etc/nsswitch.conf is configured to
resolve password and groups via winbind.)
Samba should allocate unix id's for your windows accounts, but
unfortunately they will not end up being the same as your existing uid's.
Windows Server has (at least 2003 did) Services for Unix, which should
add some basic NIS functionality to Windows Server. It at least
lets your Windows account store some basic unix account info. But I
don't know if you can configure samba to use those.
Is there any way around this? Perhaps Windows Services for Unix? Will
Samba read the Unix UID from SFU if it's installed??? I _HAVE_ to get the
UID's to match.
Not all my Windows users use Unix, but, ALL my Unix users use Windows ---
and the Windows users also need access to all the files.
Without getting the UID's to match up, I don't see how I'm going to make
this work... Unless, I'm thinking shortsighted and there is other info I'm
unaware of?
I am reading the man page for idmap_ad.
The idmap_ad plugin provides a way for Winbind to read id mappings from
an AD server that uses RFC2307/SFU schema extensions. This module
implements only the "idmap" API, and is READONLY. Mappings must be
provided in advance by the administrator by adding the
posixAccount/posixGroup classes and relative attribute/value pairs to
the user and group objects in the AD.
So on closer reading it does suggest it will pick up the unix UID and
unix GID directly from AD. I had confused this earlier with the
idmap_rid backend.
Are you also using autofs for your unix clients?
group map + rid may solve your problem. Force samba to write with the same gid
as nfs and make the dir setgid.
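
An added example, not from the thread or the Samba project: since idmap_ad is read-only and takes the Unix UID straight from AD, comparing the existing NIS map with the AD values before switching shows which accounts would end up with a different or a shared UID on the NFS/Samba share. The CSV export format, the sample accounts and the function names are assumptions.

```python
import csv, io

# Constructed sample data (not from the thread): passwd(5) lines as from `ypcat passwd`.
NIS_PASSWD = """\
alice:x:1001:100::/home/alice:/bin/sh
bob:x:1002:100::/home/bob:/bin/sh
carol:x:1003:100::/home/carol:/bin/sh
"""
# AD side: assumed CSV export of sAMAccountName and the RFC2307 uidNumber
# attribute (empty when the posix attributes were never filled in).
AD_CSV = """\
sAMAccountName,uidNumber
alice,1001
bob,2002
carol,
dave,1001
"""

def parse_passwd(text):
    """Return {username: uid} from passwd-format lines."""
    rows = (line.split(":") for line in text.splitlines())
    return {f[0]: int(f[2]) for f in rows if len(f) >= 3 and f[2].isdigit()}

def parse_ad(text):
    """Return {username: uidNumber or None} from the CSV export."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["sAMAccountName"].lower(): int(r["uidNumber"]) if r["uidNumber"] else None
            for r in rows}

def audit(nis, ad):
    """Compare every NIS user with AD, then flag AD accounts reusing a NIS UID."""
    report = {"ok": [], "missing": [], "mismatch": [], "collision": []}
    for user, uid in sorted(nis.items()):
        if ad.get(user) is None:          # no AD account, or no uidNumber set
            report["missing"].append(user)
        elif ad[user] != uid:             # files owned by the NIS UID would not match
            report["mismatch"].append((user, uid, ad[user]))
        else:
            report["ok"].append(user)
    owner = {uid: user for user, uid in nis.items()}
    for user, uid in sorted(ad.items()):
        if uid in owner and owner[uid] != user:   # two names, one numeric UID
            report["collision"].append((user, uid, owner[uid]))
    return report

if __name__ == "__main__":
    print(audit(parse_passwd(NIS_PASSWD), parse_ad(AD_CSV)))
```

A "collision" entry is the case to resolve first: that AD account would own another user's files on the shared filesystem.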