Dale,

Thanks for the information and the link. We are just now trying to implement this and we have not implemented this on any production servers. I need to talk with my security person to see if we have or are planning to have trusted domains. If we do, then I will have to go with the ldap/ADS solution that was in the link you gave.

Thanks again,
Reece

Dale Schroeder wrote:
> Reece,
>
> idmap backend = rid:MYDOMAIN=15000-20000
>
> will create consistent mappings, _*but*_ be aware that enabling this
> parameter will break all your existing mappings,
> and you will have to reset permissions on your Redhat servers.
> Obviously, this is not desirable on production
> systems. However, once this is done, you will continue to have the
> same mappings on any existing and
> similarly configured future Samba servers. Only you can determine if
> it is worth the time and effort to do this.
> We have four servers configured this way, and users have the same
> uid/gid on each system.
>
> Comparison of idmap backends:
> http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2598850
>
>
> Dale
>
>
> Reece Dike wrote:
>> We are using a windows server 2003 active directory as our single sign
>> on server. I have been able to get our RHEL4U6 servers to authenticate
>> with active directory.
>>
>> My concern is that the RID mapping to unix uid/gid range (15000-20000)
>> is stored locally on each machine in a tdb database. So far all of the
>> servers have produced the same mapping, but I do not think it is
>> guaranteed. I think the fact that I do a wbinfo -u and wbinfo -g as part
>> of the setup and there have been no users/groups added to active
>> directory has made the mappings the same. I know that the uid/gid are
>> not being stored in active directory (I did a 'dsquery * -scope base
>> -attrib *' on my id in active directory). Is there any way to guarantee
>> the RID to uid/gid mapping across several servers?
>>
>>
>> Thanks,
>> Reece Dike
>>
>>
>>
>> Here is my smb.conf
>> [global]
>>    workgroup = MYDOMAIN
>>    server string = Samba Server Version %v
>>    security = ADS
>>    password server = 68.216.162.90
>>    realm = MYDOMAIN.COM
>>    passdb backend = tdbsam
>>    load printers = yes
>>    cups options = raw
>>    template shell = /bin/false
>>    server signing = autos
>>    idmap uid = 15000-20000
>>    idmap gid = 15000-20000
>>    winbind enum groups = yes
>>    winbind enum users = yes
>>    winbind separator = +
>>    winbind use default domain = no
>>    template homedir = /homes/%D/%U
>>    template shell = /bin/bash
>>
>> [homes]
>>    comment = Home Directories
>>    browseable = no
>>    writable = yes
>>
>> [printers]
>>    comment = All Printers
>>    path = /var/spool/samba
>>    browseable = no
>>    guest ok = no
>>    writable = no
>>    printable = yes
>>
>> [usbshare]
>>    comment = Backups and Stuff
>>    path = /usbdrive
>>    valid users = +"MYDOMAIN+Domain Users"
>>    read only = no
>>
>>
>>
>
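
Added example, not part of the original messages and not Samba code: a small Python model of why the locally stored allocation described in the thread can differ between servers while an algorithmic RID mapping cannot. The SIDs, class and function names are constructed, and the formula ID = RID - BASE_RID + LOW_RANGE_ID (with base_rid 0) is assumed from the idmap_rid manual page.

```python
# Added illustration, not Samba source. The domain SID below is constructed.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
LOW, HIGH = 15000, 20000  # range taken from the smb.conf in the thread


class TdbAllocator:
    """Models a per-server allocating backend: a SID gets the next free id
    the first time this server resolves it, and the result is kept locally,
    so the mapping depends on the order of lookups on that server."""

    def __init__(self, low=LOW, high=HIGH):
        self.next_id, self.high, self.table = low, high, {}

    def sid_to_uid(self, sid):
        if sid not in self.table:
            if self.next_id > self.high:
                raise LookupError("id range exhausted")
            self.table[sid] = self.next_id
            self.next_id += 1
        return self.table[sid]


def rid_to_uid(sid, domain_sid=DOMAIN_SID, low=LOW, high=HIGH, base_rid=0):
    """Stateless mapping, ID = RID - BASE_RID + LOW_RANGE_ID (assumed formula).
    Every server with the same settings computes the same id."""
    prefix, _, rid = sid.rpartition("-")
    if prefix != domain_sid:  # e.g. an account from a trusted domain
        raise LookupError("SID is not in the configured domain")
    uid = int(rid) - base_rid + low
    if not low <= uid <= high:
        raise LookupError(f"RID {rid} maps to {uid}, outside {low}-{high}")
    return uid


def sid(rid):
    return f"{DOMAIN_SID}-{rid}"


def demo():
    alice, bob = sid(1105), sid(1109)  # constructed accounts
    srv_a, srv_b = TdbAllocator(), TdbAllocator()
    # Server A resolves alice first; server B resolves bob first.
    a = (srv_a.sid_to_uid(alice), srv_a.sid_to_uid(bob))
    b_bob = srv_b.sid_to_uid(bob)
    b = (srv_b.sid_to_uid(alice), b_bob)
    return {"tdb_a": a, "tdb_b": b, "rid": (rid_to_uid(alice), rid_to_uid(bob))}


if __name__ == "__main__":
    print(demo())
```

Under that assumed formula, the 15000-20000 range only has room for RIDs up to 5000; a higher RID, or a SID from another domain, fails to map instead of receiving an id.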
