On Jan 13 14:39, Chris Roehrig wrote: > I'm trying to set up samba (standalone) following these instructions: > https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-samba > > but I'm having no luck getting my samba user/groups to appear correctly using > the <cygwin unix="601"/> comment field as described in the document. > > I'm using samba 4.13.14 on Ubuntu 20.04 with security = user (smbpasswd). > winbindd is not installed and I'm not using any LDAP or AD anywhere. > > E.g. here is what is on the server (croehrig:croehrig = 601:601; > cristina:cristina = 603:603) > housesrv[3]% ls -l /House/Users > total 17 > drwxr-xr-x 9 cristina cristina 22 Jan 12 16:06 cristina > drwxr-xr-x 30 croehrig croehrig 53 Jan 13 09:47 croehrig > > > Here are the ACLs and SIDs when looking on the windows client: > tyto[5]% icacls \\\\housesrv\\Users\\\* > \\housesrv\Users\cristina S-1-5-21-751087815-2087572193-42305691-1001:(F) > S-1-22-2-603:(RX) > Everyone:(RX) > > \\housesrv\Users\croehrig S-1-5-21-751087815-2087572193-42305691-1000:(F) > S-1-22-2-601:(RX) > Everyone:(RX) > > As you can see, the gid is mapping to the S-1-22-2-<gid> as described > in the document above, but the uid is using a domain-specific SID with > different RIDs.
These look like your standard Windows SIDs, so they are your SIDs for users cristina and croehrig on Windows. They should show up as such in ls -l output, unless the SID is actuall wrong, e. g., they map to your accounts on another machine or something like that. > On the windows client I have the same users and groups set up locally > (SAM) with appropriate SID mappings to the same uid/gids (601/603) in > the Cygwin /etc/passwd and /etc/group. This has all been working > well to ensure e.g. rsync preserves permissions and ownership between > cygwin and Linux. (The windows groups are called 'grp-croehrig' and > 'grp-cristina' since windows users and groups share a namespace, but > they are mapped to 'croehrig' and 'cristina' in /etc/group). > > > Here is how the SMB share looks under Cygwin: > tyto[6]% ls -l //housesrv/Users/ > total 0 > drwxr-xr-x 1 Unknown+User Unix_Group+603 0 Jan 12 16:06 cristina > drwxr-xr-x 1 Unknown+User Unix_Group+601 0 Jan 13 09:47 croehrig Sorry, but I don't quite understand. If you have matching /etc/passwd and /etc/group files, and your /etc/nsswitch.conf allows reading the files, this shouldn't happen. Are the Windows SIDs correct? Are they matching your machine? Corinna -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
