On 2011-12-24 14:58, steve wrote:
> On 12/24/2011 01:19 PM, Gémes Géza wrote:
>> On 2011-12-23 14:22, steve wrote:
>>> Hi
>>>
>>> We have AD users created with either samba-tool user add steve2 or
>>> using the windows AD frontend from a windows box.
>>>
>>> Users are created with home directories under /home/CACTUS
>>>
>>> On a win 7 client all works fine. Users can authenticate against the
>>> CACTUS domain and files are created with the correct uid:gid
>>>
>>> We joined an Ubuntu client to the domain using likewise. /home from
>>> the server is mounted on the client via nfs. On the ubuntu box, users
>>> can authenticate, but cannot enter their /home folder. Making the
>>> folder recursively 0777 allows them access but any new file created
>>> has the wrong uid:gid
>>>
>>> On the server: wbinfo -i steve2 gives /home/CACTUS/steve2 3000006:100
>>> and I can use smbclient to create folders that show 3000006:100
>>>
>>> On the ubuntu client however, any new files created have uid:gid of
>>> 1481114100:1481114113
>>>
>>> Can I eliminate Samba 4 from debugging this problem? If so, then can
>>> anyone narrow down which of likewise or nfs is the culprit and if
>>> neither then any other alternatives. . .
>>>
>>> Thanks
>>> Steve.
>> The problem you have noted is a result of the fact, that you are using
>> two softwares with incompatible uid/gid<->sid mapping methods. Likewise
>> has its own (I'm not sure just from memories: algorithmic mapping) while
>> Samba4 uses the "first seen sid first free xid (uid or gid) associated"
>> method. Both have their shortcomings of their own. IMHO the best
>> existing approach is represented by Samba3 winbind with the idmap_ad
>> backend, where it uses the attributes stored in AD (rfc2307 schema).
>> This way all the AD client linux system will have the same uid, gid,
>> shell and homedir sets. However this leaves out the Samba4 server, which
>> is going to have its own (unrelated) mappings. My suggestion would be to
>> do the minimum possible of file operations on the Samba4 server itself,
>> doing all from clients.
>>
>> Regards
>>
>> Geza
> Thanks for the explanation
>
> OK. I got rid of likewise and joined the domain instead using the
> openSUSE 'Windows Domain Membership' module under Yast. That uses
> Samba 3. I joined the Samba 4 domain OK and can authenticate fine, but
> again, the uid:gid was wrong.
>
> Geza, would this be possible:
>
> Can I turn off Samba 4 winbind on the server and use Samba 3 winbind
> on the Linux clients whilst still using Samba 4 authentication?
>
> Thanks
> Steve
>
> Is there

I don't think so. For now you will have to do all the file operations on a joined machine with samba3 winbind configured.
Regards

Geza
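Added example, not part of the original thread: a small simulation of the three SID-to-uid mapping strategies discussed above, showing why two domain members can disagree on a user's uid unless the value is read from the directory. The domain SID, RIDs, uidNumber values and the hash in `algorithmic_uid` are constructed for illustration and are not Likewise's or Samba's actual code.

```python
import zlib

# Constructed sample data: domain SID, RIDs and rfc2307 values are made up.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
USERS = {"steve2": 1105, "alice": 1106, "bob": 1107}        # name -> RID
RFC2307 = {"steve2": 10001, "alice": 10002, "bob": 10003}   # uidNumber stored in AD


def sid_of(user):
    return f"{DOMAIN_SID}-{USERS[user]}"


class AllocatingMapper:
    """'First seen SID gets first free xid': the result depends on local history."""

    def __init__(self, first_free=3000000):
        self.next_id = first_free
        self.table = {}

    def uid(self, user):
        sid = sid_of(user)
        if sid not in self.table:
            self.table[sid] = self.next_id
            self.next_id += 1
        return self.table[sid]


def algorithmic_uid(user, base=1000000, span=1 << 20):
    """Stand-in algorithmic mapping (hypothetical formula): hash of domain SID plus RID."""
    return base + (zlib.crc32(DOMAIN_SID.encode()) + USERS[user]) % span


def rfc2307_uid(user):
    """idmap_ad style: read the uidNumber attribute stored in the directory."""
    return RFC2307[user]


def compare(order_a, order_b):
    """Return each user's (host A, host B) uid pair under every strategy."""
    a, b = AllocatingMapper(), AllocatingMapper()
    for u in order_a:
        a.uid(u)
    for u in order_b:
        b.uid(u)
    return {u: {"alloc": (a.uid(u), b.uid(u)),
                "algo": (algorithmic_uid(u), algorithmic_uid(u)),
                "ad": (rfc2307_uid(u), rfc2307_uid(u))} for u in USERS}
```

Over NFS with numeric ownership, the `alloc` and mixed-strategy pairs are the ones that produce the "wrong uid:gid" symptom; only the `ad` pairs agree on every host regardless of login order.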
