On 13/01/12 16:59, Adam Tauno Williams wrote:
On Fri, 2012-01-13 at 10:32 -0500, Adam Tauno Williams wrote:
On Fri, 2012-01-13 at 02:51 +0100, steve wrote:
On 12/01/12 23:02, Adam Tauno Williams wrote:
Quoting steve<st...@steve-ss.com>:
Samba4's winbind does not support RFC2307, so doing this is pretty
rough. I think you need to either use CIFS + winbind everywhere or
somehow maintain an external idmap.
Yea, it is horrible. We are staring down the barrell of the same
gun.
As Jeremy said, they are discussing what needs to be done before
releasing Samba 4.0.0 and how to reconcile Samba 3's winbind and Samba
4's winbind etc., so if something that is critical for you does not
currently work, you should file a bug report.
Yep. I realise the 'alphaness' of Samba 4 but I think I am not alone
with my issue. I think I should be easy to fix now before it goes beta.
https://bugzilla.samba.org/show_bug.cgi?id=8635
Holy awesome; it got better. I just tested an upgrade of our
production domain and it appears that Samba4 took [and kept] the UID
number from the existing account.
Production
-------------
[root@littleboy ~]# id adam
uid=437(adam) gid=230(cis) groups=230(cis)
Test Server
------------
barbel:~ # wbinfo -i adam
BACKBONE\adam:*:437:100:Adam Williams:/home/BACKBONE/adam:/bin/false
Home directory is a bit wierd, and the gidNumber didn't stick. But at
least I have the uidNumber.
4.0.0alpha18-GIT-103c1cb [openSUSE 12.1 x86_64] transitioned via
"samba-tool domain samba3upgrade" from Samba S3w/LDAPSAM.
Nice find you have there. Meanwhile I've got it working. Very rough. But
working for 10 hour Kerberos sessions at a time;)
http://linuxcostablanca.blogspot.com/2011/12/samba-4-linux-integration-first-i-want.html
Steve
What I'm puzzled by [and maybe this is a deficiency in Samba4 still] is
that while the LDAP modify works the wbinfo output doesn't change.
dn: CN=adam,CN=Users,DC=micore,DC=us
changetype: modify
add: objectclass
objectclass: posixaccount
-
add: objectclass
objectclass: shadowaccount
-
add: uidnumber
uidnumber: 437
-
add: gidnumber
gidnumber: 230
-
add:unixhomedirectory
unixhomedirectory: /home/adam
-
add: loginshell
loginshell: /bin/ksh
barbel:~ # wbinfo -i adam
BACKBONE\adam:*:437:100:Adam Williams:/home/BACKBONE/adam:/bin/false
I am able to get my home-directory path back to the previous value
[ based on the useful information from this link -
<https://lists.samba.org/archive/samba/2010-May/156051.html> ]
Setting: template homedir = /home/%ACCOUNTNAME%
The old %U type variables aren't supported. But the above results in
the same thing -
barbel:/opt/s4 # wbinfo -i adam
BACKBONE\adam:*:437:100:Adam Williams:/home/adam:/bin/false
I found a list of Windows environment variables here
<http://vlaurie.com/computers2/Articles/environment.htm> According the
old 2010 thread these are now expanded on the client side in Microsoft
fashion rather than expanded on the serve [in the config backend??].
You have to rfc2307-ify the group too. e.g.:
samba-tool group add suseusers
samba-tool group addmembers suseusers steve6
wbinfo --group-info=suseusers
suseusers:*:3000016:
kinit Administrator
ldapmodify -h 192.168.1.3 -D cn=Administrator,cn=Users,dc=hh3,dc=site -Y
GSSAPI
dn: cn=suseusers,sn=Users,dc=hh3,dc=site
changetype: modify
add: objectClass
objectClass: posixAccount
-
add: objectClass
objectClass: posixGroup
<hit enter + ctrl C. . .bug in os 12.1??>
Then,
Use nslcd to map uid:gid from LDAP:
/etc/nsswitch.conf
passwd: files ldap
group: files ldap
and then:
hh3:/home/steve # getent passwd steve6
steve6:*:3000015:3000016:steve6:/home/CACTUS/steve6:/bin/bash
hh3:/home/steve # getent group suseusers
suseusers:*:3000016:
hh3:/home/steve # wbinfo -i steve6
CACTUS\steve6:*:3000015:3000016::/home/CACTUS/steve6:/bin/false
Linux= nfs4/idmapd. w7= out of the box.
Server:
hh3:/tmp # id steve6
uid=3000015(steve6) gid=3000016(suseusers) groups=3000016(suseusers)
Client:
steve6@hh6:~> id
uid=3000015(steve6) gid=3000016(suseusers) groups=3000016(suseusers)
steve6@hh6:~> echo "Hola" > file
steve6@hh6:~> ls -l file
-rw-r--r-- 1 steve6 suseusers 5 Feb 9 13:52 file
Maybe I should add this to the bug report.
Cheers,
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
