We're using Samba 3.0.23b (binaries downloaded from Sunfreeware) on
Solaris 9 as a member server, using "security = DOMAIN" in an Active
Directory 2003 domain. The server is primarily an application server,
running SAS software, but we have a share to Windows to enable users to
save programs and data from their Windows XP workstations. Historically
we've been using PC Netlink, Sun's version of Lanman, but this isn't
compatible with AD 2003 so we need to move to Samba.

We're struggling to establish a mapping between domain user accounts and
UNIX user accounts that are similarly named (the same naming convention
is used for both). My understanding of Samba, albeit sketchy, was that
it could automatically make a mapping between local and domain accounts
of the same name. However, this doesn't appear to be happening. If I set
a file's permissions for a specified user in Solaris it appears in the
file's security within Windows, but the user is listed as a Unix User
along the lines of:

u123456 (Unix User\u123456)

I was expecting that there should be an implicit mapping between u123456
in Solaris and domain\u123456 but maybe I've got the wrong end of the
stick. We need to maintain the local users so that we can control who
has access to the server software, and we maintain password aging both
on the server and the domain so maintaining a separate password database
for Samba would be a complication. An extract from nsswitch.conf and
(edited) smb.conf are included below.

As you will see from nsswitch.conf, we are using winbind. wbinfo will
resolve any domain information and getent passwd will return domain user
accounts.

Many thanks in advance.

nsswitch.conf:

passwd:     files winbind
group:      files winbind

hosts:      files dns winbind

smb.conf:

[global]
        workgroup = our-domain-name
        netbios aliases = mc18unxa
# dual nics: the netmask is correct for our network
        interfaces = xx.xx.xxx.xx/255.255.240.0, yy.yy.yyy.yy/255.255.240.0
        security = DOMAIN
        null passwords = Yes
        password server = *
        passdb backend = tdbsam
        lanman auth = No
        client NTLMv2 auth = Yes
        client lanman auth = No
        client plaintext auth = No
        log level = 1
        log file = /var/samba/log/log.%m
        max log size = 50000
        load printers = No
        dns proxy = No
        ldap ssl = no
        idmap uid = 10000-100000000
        idmap gid = 10000-100000000
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        create mask = 0644
        directory mask = 0775
        hosts deny = none
        case sensitive = No
        preserve case = No
        domain master = no
        local master = no
        preferred master = no
        os level = 0

[dosptn]
        path = /dosptn
        read only = No
        inherit permissions = Yes
        guest ok = Yes


----------------------------------------
Nigel Pain
The Scottish Government
Corporate Systems Support
Information Systems and Information Services (ISIS)
Victoria Quay 
EDINBURGH 
EH6 6QQ 
UK



