On 12/04/13 13:10, Rowland Penny wrote:
On 12/04/13 08:32, steve wrote:
On 12/04/13 08:06, steve wrote:
On 11/04/13 22:45, steve wrote:
On 11/04/13 22:05, Rowland Penny wrote:
On 11/04/13 20:42, steve wrote:
On 11/04/13 20:39, Rowland Penny wrote:
On 11/04/13 17:27, steve wrote:
Hi again
This is driving me crazy!
If I change the permissions on the cifs share to 0777, I can then
write to the cifs share as user steve2 BUT the uid:gid sent by cifs
are wrong:
-rw-r--r-- 1 3000032 20513 0 Apr 12 09:25 j2
-rwxrwxr-x+ 1 3000017 users 0 Apr 12 09:25 j3
The file j2 was created on the unmounted share with the correct
uid:gid, 3000032:20513
The file j3 was created on the cifs mounted share. The server has
sent 3000017:100 :(
Any ideas?
Cheers,
Steve
OK Steve, after some investigation, either I am going mad (possible
:-) ) or cifs is broken if you do not use winbind.
I can mount (via a script run at login) the users directory from the
server provided I do not use 'multiuser' but any files are created on
the server with the WRONG uid, i.e. the user I log in with is uid
3000017, if the permissions on the client are checked the file belongs
to the user, but if checked on the server, the files do not belong to
the user, they belong to a uid '3000000'.
I do not know where this user comes from, getent passwd on the server
does not show this user, but if I create a testdir on the server I can
chown it to 3000000.
If I try to mount the users directory using multiuser, the mount fails
because it now requires root's/Administrator's krb5_cc and I have not
created it.
I am now coming round to the idea that if the Samba team want S4 to be
used with unix clients then some work needs to be done to ensure it
easily works as expected and in my opinion the first thing that needs
to happen is the S3 winbind that exists at present needs to be thrown
into the wastebin.
Rowland
Hi Rowland
It WAS an idmap/winbind problem. On the one hand we can get our uid:gid
from idmap.ldb or we can get it from AD. But not a mix of the two. What
I had was the server using idmap and the client using AD. Disaster! The
line:
idmap_ldb:use rfc2307 = Yes
needs to be added to smb.conf for uid:gid ALWAYS being pulled from AD.
Just to be sure, I also had a long ldbedit session on idmap.ldb to
remove the users that Samba added before I got the syntax right for the
smb.conf line above.
I agree that winbind is too complicated a way to go about adding Linux
clients to AD, especially when there are point and click methods around
(I believe you just found one: we use nss-ldapd). But what really seems
to confuse the issue is that we have TWO methods for ID mapping. idmap
or the AD ldap. I'd vote for going with just one method: AD. Having
choice in matters such as these can only add to the already confusing
winbind/AD setup, as I have just so painfully found out :(
I believe the devs think that as time goes by, Samba4 will get more
attention from companies wanting to deploy more and more Windows boxes.
Where I come from, we're going the other way: even though we'll always
cater for a few Microsoft programs, the Windows boxes are slowly but
surely being replaced by Linux. Maybe in a year or so, none of this will
be relevant as we go cloud. Not sure. Having said all this, I still
think S4 is a remarkable achievement.
Cheers,
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
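
An added example, not part of the thread and not Samba's own code: a check for the mixed-mapping condition Steve describes, reading smb.conf for the idmap_ldb:use rfc2307 line and flagging files in a numeric listing whose owner is not the uid:gid expected from AD. The function names, the smb.conf fragments and the `ls -ln` text are constructed for illustration; the expected 3000032:20513 is the pair Steve reports as correct.

```python
import re

# Constructed smb.conf fragments; only the idmap_ldb line comes from the thread.
CONF_MIXED = "[global]\n\tworkgroup = EXAMPLE\n\t# idmap_ldb:use rfc2307 = Yes\n"
CONF_AD = "[global]\n\tworkgroup = EXAMPLE\n\tidmap_ldb:use rfc2307 = Yes\n"

# Constructed `ls -ln` output modelled on the listing in the thread.
LS_LN = """\
-rw-r--r-- 1 3000032 20513 0 Apr 12 09:25 j2
-rwxrwxr-x+ 1 3000017 100 0 Apr 12 09:25 j3
"""


def global_params(conf_text):
    """Return {name: value} for the [global] section (simplified parser)."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment, so a commented-out setting is ignored
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # Assumption: compare names lower-cased with whitespace runs collapsed.
            params[re.sub(r"\s+", " ", name.strip().lower())] = value.strip()
    return params


def uses_rfc2307(conf_text):
    """True when the server is told to take uid:gid from AD attributes."""
    value = global_params(conf_text).get("idmap_ldb:use rfc2307", "no")
    return value.lower() in ("yes", "true", "1")


def wrong_owner(ls_ln_text, uid, gid):
    """Names of files whose numeric owner differs from the expected uid:gid."""
    bad = []
    for line in ls_ln_text.splitlines():
        f = line.split(None, 8)  # mode links uid gid size month day time name
        if len(f) == 9 and f[2].isdigit() and f[3].isdigit():
            if (int(f[2]), int(f[3])) != (uid, gid):
                bad.append(f[8])
    return bad


if __name__ == "__main__":
    for label, conf in (("mixed", CONF_MIXED), ("AD only", CONF_AD)):
        print(label, "-> rfc2307 enabled:", uses_rfc2307(conf))
    print("unexpected owner:", wrong_owner(LS_LN, 3000032, 20513))
```

Run the ownership check against a listing taken on the server side, since the thread shows the client can report the expected owner while the server has stored a different uid.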