On Sun, 2011-12-25 at 09:51 +0100, steve wrote:
> Ok
> I've joined a samba 3 machine to the samba 4 domain. The uid:gid home
> directory problem is still there.

As I've also been asked off-list (via my blog), I'll answer here as it may help others as well.

Mapping user ids seems to be a problem in various places. I run Samba4 as AD for a bunch of (virtual) Windows 7 machines and as Kerberos/LDAP server for some Solaris and Linux boxes, and Samba3 on the fileserver.

I extended the original LDAP schema on the S4 side to include the posix UID/GID bits (RFC 2307 iirc) - not sure if this has made it into the current tree yet.

In my case I create new users with the Windows Management Console (give the fellow admins an easy start). That sets up the Windows related things. The second step is to use ldapmodify to add the needed Unix bits to that account. This is wrapped in a little script to fetch the next free UIDNUMBER, add and create the user's home directory, chown and chmod as required etc.

The last bit, which seems to be important to make things work nicely, is to add a hard UID:SID mapping on the fileserver running the Samba fileserver:

    /opt/samba/bin/wbinfo --set-uid-mapping=$UIDN,`/opt/samba/bin/wbinfo -n $UID`

UIDN being the UNIX UIDNUMBER and UID being the user's login name.

That makes the job for Samba3 easier as it doesn't need to figure out the mapping by itself. One could argue that it would be nice if Samba checked for the existence of the posix uid number and used that for a mapping, but there may be cases where someone would like to have a different behaviour. For us it works very well though.

Also, I never really had the need to create unix accounts on the fly for existing Samba/Windows users. Once those exist in LDAP I prefer them to carry the appropriate UNIX attributes as well.

The Samba3 part runs on a Solaris10 box (the script to modify the account and add the mapping runs on the same machine) but it should work the same way on a Linux machine.

Hope this helps a little. If you need more details, let me know.

Bernd
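The steps described in the mail above (next free UIDNUMBER, ldapmodify input for the Unix attributes, then the hard UID:SID mapping), as an added example that is not part of the original mail and is not Bernd's script. The function names, UID_FLOOR, the /home path and the unixHomeDirectory attribute name are assumptions, and it assumes `wbinfo -n` prints the SID as the first field of its output. Each helper validates its input so that a failed lookup or a malformed login never turns into an ownership mapping:

```shell
#!/bin/sh
# Added example, not Bernd's script. Function names, UID_FLOOR, /home and
# the attribute names are assumptions.
UID_FLOOR=10000   # assumed lowest uidNumber given to domain users

# Read LDIF (e.g. ldapsearch output) on stdin; print the next unused uidNumber.
next_free_uid() {
    awk -v floor="$UID_FLOOR" '
        BEGIN { max = floor + 0 }
        tolower($1) == "uidnumber:" && $2 ~ /^[0-9]+$/ && $2 + 0 >= max { max = $2 + 1 }
        END { print max }'
}

# posix_ldif DN UIDN GIDN LOGIN: print ldapmodify input adding the Unix attributes.
posix_ldif() {
    for n in "$2" "$3"; do
        case "$n" in ""|*[!0-9]*) return 1 ;; esac
    done
    # LOGIN ends up in a path, so accept only a conservative character set.
    case "$4" in ""|.*|*[!a-z0-9._-]*) return 1 ;; esac
    cat <<EOF
dn: $1
changetype: modify
add: uidNumber
uidNumber: $2
-
add: gidNumber
gidNumber: $3
-
add: unixHomeDirectory
unixHomeDirectory: /home/$4
EOF
}

# mapping_arg UIDN: read `wbinfo -n LOGIN` output on stdin and print the
# wbinfo argument; fail unless the first field is a well-formed SID.
mapping_arg() {
    case "$1" in ""|*[!0-9]*) return 1 ;; esac
    sid=$(awk 'NR == 1 && $1 ~ /^S-1-[0-9]+(-[0-9]+)+$/ { print $1; ok = 1 }
               END { exit !ok }') || return 1
    printf '%s\n' "--set-uid-mapping=$1,$sid"
}

# Wiring (connection options omitted):
#   posix_ldif "$DN" "$UIDN" "$GIDN" "$LOGIN" | ldapmodify
#   arg=$(wbinfo -n "$LOGIN" | mapping_arg "$UIDN") && wbinfo "$arg"
```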
