That behavior is logically correct, I would say.
What happens is:
the user is found from nis, and gets a userid not from the winbind-range.
As a result samba is not able to verify this uid against the AD, as it is not an AD-user-id.
I guess to achieve what you want you would have to add the nis-users to the local smbpasswd-database with the correct username and password and tell samba to look up users first in local database and then in AD.
But I don't know if this is possible, I never tried it.
Question to the developers,
IF the AD-mode is implemented as a normal TDB-Backend I guess it would work, but I think this is a little bit of a different beast, isn't it? Wouldn't it be a nifty feature for future versions of samba, giving it much more flexibility?
Christoph
Plant, Dean wrote:
Hello list,
I need to setup a samba file server with user access from a Windows AD
domain and a separate Solaris NIS domain. All of our users have an account
on the AD domain but only some of our users have a Unix account. I would
like Windows users that have a Unix account to have files written as per
their Unix uid and users that do not have an account to have a uid assigned
from winbind.
I had thought of using winbind with
winbind trusted domains only = yes
with the nsswitch.conf file listing
passwd: files winbind nis
shadow: files winbind nis
group: files winbind nis
which I thought would match known user names to NIS ids and unknown user names to winbind uids. This does not work as I expected, as all users are given winbind uids.
If I change nsswitch.conf to
passwd: files nis winbind
shadow: files nis winbind
group: files nis winbind
Users that have Unix accounts are given the NIS uid but users without a Unix account are asked for a username/password when connecting to Samba.
Can anyone confirm that what I am trying to do is possible and, if so, any ideas what I have missed?
I am testing with 3.0.9 on FC3
My smb.conf below
[global]
workgroup = AD
server string = Samba
printcap name = /etc/printcap
load printers = yes
cups options = raw
log file = /var/log/samba/%m.log
max log size = 50
security = ads
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
name resolve order = wins bcast
wins server = 192.168.2.19
dns proxy = no
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
password server = *
realm = AD.MYDOMAIN.CO.UK
winbind trusted domains only = yes
winbind use default domain = no
Thanks in advance
Dean Plant
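The lookup-order effect discussed in this thread, as an added example that is not part of the original messages: a small model of NSS first-match resolution for the two `passwd:` orderings, with a check of each resulting uid against the posted `idmap uid` range. The user tables and the names `alice` and `bob` are constructed; the model assumes default NSS actions and covers only the name-service lookup, not Samba's authentication.

```python
# Added illustration: models default NSS behaviour (first source that
# returns an entry wins) for the two passwd: orderings tried in the thread.
# User tables below are constructed sample data, not from the original post.

IDMAP_UID = (16777216, 33554431)  # "idmap uid" range from the posted smb.conf

# Constructed sources: every user has an AD account, only alice has a NIS one.
SOURCES = {
    "files": {"root": 0},
    "nis": {"alice": 1001},
    "winbind": {"alice": 16777216, "bob": 16777217},
}


def parse_passwd_order(nsswitch_text):
    """Return the ordered source list from the passwd: line."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("passwd:"):
            # Skip action items such as [NOTFOUND=return]; defaults assumed.
            return [tok for tok in line[len("passwd:"):].split()
                    if not tok.startswith("[")]
    raise ValueError("no passwd: line found")


def resolve(user, order, sources=SOURCES):
    """First source that knows the user wins; returns (source, uid) or None."""
    for src in order:
        uid = sources.get(src, {}).get(user)
        if uid is not None:
            return src, uid
    return None


def in_idmap_range(uid, rng=IDMAP_UID):
    """True when the uid lies inside the winbind idmap allocation range."""
    return rng[0] <= uid <= rng[1]


def report(nsswitch_text, users):
    """Map each user to (source, uid, uid_in_idmap_range), or None."""
    order = parse_passwd_order(nsswitch_text)
    out = {}
    for u in users:
        hit = resolve(u, order)
        out[u] = None if hit is None else (hit[0], hit[1], in_idmap_range(hit[1]))
    return out


if __name__ == "__main__":
    for cfg in ("passwd: files winbind nis", "passwd: files nis winbind"):
        print(cfg, "->", report(cfg, ["alice", "bob"]))
```

On a live host, `getent passwd <user>` shows which uid the configured order actually returns for a given account.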
