On the PDC, both the unix and samba account info is on that machine. The samba user info includes which is the local unix user. On the member server, the samba account info is pulled from the PDC. Which means that even if both unix machines have identical unix accounts (e.g. the same /etc/passwd and /etc/group files, or use NIS, NIS+ or LDAP) winbind ignores this. Your member machine probably has an idmap range - so that samba can assign unix uids and gids for the "foreign" samba accounts. (Even though you would think this isn't necessary.)

I found this wasn't so much a problem if most of the permission management was handled on the unix level, but the moment you started setting perms in windows the "rob 1000" and "rob 10020" became a problem. This bugged me for years.

My first workaround was to use LDAP for the IDMAP backend and then manually edit the uid and gid fields in the idmap entries to match the unix ones. In the end, I changed everything to an ldap backend and changed the member server to a BDC.




On 01/13/10 16:39, Robert Steinmetz wrote:
I have two servers running Samba, one as a Domain Controller, one as a Member Server. Both are running Ubuntu 8.10 and running smbd, nmbd and winbindd using the tdb back end.

I am having a problem understanding ID mapping. The mapping is not the same on both machines.

On the Domain Controller

r...@thelma:/etc/init.d# wbinfo -i 'ATLANTA\rob'
rob:*:1000:2003:Robert Steinmetz,,,:/home/ATLANTA/rob:/bin/false
r...@thelma:/etc/init.d# wbinfo -i 'ATLANTA\trish'
trish:*:1033:2003::/home/ATLANTA/trish:/bin/false

On the Member Server

r...@louise:/etc/samba# wbinfo -i 'ATLANTA\rob'
ATLANTA\rob:*:10020:10001:Robert Steinmetz,,,:/home/ATLANTA/rob:/bin/bash

r...@louise:/etc/samba# wbinfo -i 'ATLANTA\trish'
ATLANTA\trish:*:10037:10001::/home/ATLANTA/trish:/bin/bash
Note the different UID and GID.
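
The mismatch shown in the wbinfo output above can be checked mechanically. The following is an added example, not part of either message in the thread: it parses captured `wbinfo -i` output from both hosts (the four lines are copied from the thread) and lists every account whose UID/GID differs. The function names are hypothetical, and it assumes the default `\` winbind separator.

```python
"""Compare `wbinfo -i` output from two Samba hosts and report UID/GID drift."""

# Output copied from the thread above (DC "thelma", member server "louise").
DC_OUTPUT = r"""
rob:*:1000:2003:Robert Steinmetz,,,:/home/ATLANTA/rob:/bin/false
trish:*:1033:2003::/home/ATLANTA/trish:/bin/false
"""
MEMBER_OUTPUT = r"""
ATLANTA\rob:*:10020:10001:Robert Steinmetz,,,:/home/ATLANTA/rob:/bin/bash
ATLANTA\trish:*:10037:10001::/home/ATLANTA/trish:/bin/bash
"""


def parse_wbinfo(text):
    """Return {lowercased short name: (uid, gid)} from passwd-style lines."""
    ids = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7:
            continue  # skip blanks, shell prompts and error messages
        try:
            uid, gid = int(fields[2]), int(fields[3])
        except ValueError:
            continue  # not a passwd entry after all
        # Strip the DOMAIN\ prefix (assumed separator) so both hosts share a key.
        name = fields[0].rsplit("\\", 1)[-1].lower()
        ids[name] = (uid, gid)
    return ids


def find_mismatches(dc_text, member_text):
    """List (user, dc_ids, member_ids) where the two hosts disagree.

    A user resolved on only one host is reported with None for the other.
    """
    dc, member = parse_wbinfo(dc_text), parse_wbinfo(member_text)
    report = []
    for user in sorted(dc.keys() | member.keys()):
        if dc.get(user) != member.get(user):
            report.append((user, dc.get(user), member.get(user)))
    return report


if __name__ == "__main__":
    for user, dc_ids, member_ids in find_mismatches(DC_OUTPUT, MEMBER_OUTPUT):
        print(f"{user}: DC uid/gid={dc_ids} member uid/gid={member_ids}")
```

Files written on one host under one UID are owned by a different (or no) account when viewed from the other, so any non-empty result is worth resolving before setting permissions from Windows.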

