On 2011-12-23 14:22, steve wrote:
> Hi
>
> We have AD users created with either samba-tool user add steve2 or
> using the windows AD frontend from a windows box.
>
> Users are created with home directories under /home/CACTUS
>
> On a win 7 client all works fine. Users can authenticate against the
> CACTUS domain and files are created with the correct uid:gid
>
> We joined an Ubuntu client to the domain using likewise. /home from
> the server is mounted on the client via nfs. On the ubuntu box, users
> can authenticate, but cannot enter their /home folder. Making the
> folder recursively 0777 allows them access but any new file created
> has the wrong uid:gid
>
> On the server: wbinfo -i steve2 gives /home/CACTUS/steve2 3000006:100
> and I can use smbclient to create folders that show 3000006:100
>
> On the ubuntu client however, any new files created have uid:gid of
> 1481114100:1481114113
>
> Can I eliminate Samba 4 from debugging this problem? If so, then can
> anyone narrow down which of likewise or nfs is the culprit and if
> neither then any other alternatives. . .
>
> Thanks
> Steve.

The problem you have noted is a result of the fact that you are using two pieces of software with incompatible uid/gid<->sid mapping methods. Likewise has its own (I'm not sure, just from memory: algorithmic mapping) while Samba4 uses the "first seen sid, first free xid (uid or gid) associated" method. Both have shortcomings of their own.

IMHO the best existing approach is represented by Samba3 winbind with the idmap_ad backend, where it uses the attributes stored in AD (rfc2307 schema). This way all the AD client Linux systems will have the same uid, gid, shell and homedir sets. However, this leaves out the Samba4 server, which is going to have its own (unrelated) mappings. My suggestion would be to do the minimum possible of file operations on the Samba4 server itself, doing everything from clients.
Regards
Geza
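The uid/gid disagreement discussed in this thread can be confirmed by comparing passwd-format records (as printed by `wbinfo -i` or `getent passwd`) collected on the server and on a client. The following is an added example, not part of the original messages: the function names and sample lines are constructed, and only the numeric IDs and the home directory are taken from the thread.

```python
# Added example: compare passwd-format identity records from two hosts.
# Sample records are constructed; the numeric IDs are those quoted in the thread.
SERVER = r"""
CACTUS\steve2:*:3000006:100::/home/CACTUS/steve2:/bin/false
"""
CLIENT = r"""
CACTUS\steve2:x:1481114100:1481114113::/home/CACTUS/steve2:/bin/bash
"""


def parse_passwd(text):
    """Return {normalized user name: (uid, gid)} from passwd-format lines."""
    ids = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4:
            raise ValueError(f"not a passwd-format line: {line!r}")
        # Drop a DOMAIN\ prefix and fold case so both hosts use the same key.
        name = fields[0].rsplit("\\", 1)[-1].lower()
        ids[name] = (int(fields[2]), int(fields[3]))
    return ids


def id_mismatches(server_text, client_text):
    """List (user, server_ids, client_ids) for users whose uid:gid differ."""
    server = parse_passwd(server_text)
    client = parse_passwd(client_text)
    return [
        (name, server[name], client[name])
        for name in sorted(server.keys() & client.keys())
        if server[name] != client[name]
    ]


if __name__ == "__main__":
    for name, srv, cli in id_mismatches(SERVER, CLIENT):
        print(f"{name}: server {srv[0]}:{srv[1]} != client {cli[0]}:{cli[1]}")
```

An empty result for every user is what a shared mapping source should produce across hosts that share an NFS export.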
