Re: [Samba] Allow user without uidNumber to access to a Samba member file server
- Date: Wed, 15 Mar 2017 17:13:43 +0200
- From: Arnaud Cruzel via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Allow user without uidNumber to access to a Samba member file server
Le mercredi 15 mars 2017 à 13:17 +0000, Rowland Penny via samba a
> On Wed, 15 Mar 2017 14:23:23 +0200
> Arnaud Cruzel via samba <samba@xxxxxxxxxxxxxxx> wrote:
> > Hi everybody,
> > I have a samba server member for file sharing configured like
> > below.
> > Domains controllers are on samba too.
> > Every servers are on samba 4.5.3.
> > When I created the domain I activated rfc2307.
> > Now I think rfc2307 was a bad idea...
> You could use the winbind 'rid' backend instead, this will mean that
> your users will get different 'IDs', so you will have to change the
> ownership of any files and directories stored on the fileserver.
> You will also have to use 'template' lines in smb.conf for Unix home
> dirs and shell.
Thanks for your answer.
OK, I tried that. After what there is no long problems for access to file server by an user without uidNumber.
But now it's impossible for unix client to access to samba shares on this server. I think because of uid are differents.
For information I didn't have to change shares owner, the server kept the same uids for users (I think because of caching ?)
What I did :
# diff smb.conf.ad smb.conf.rid
< idmap config IFPOAD:backend = ad
< idmap config IFPOAD:schema_mode = rfc2307
< idmap config IFPOAD:range = 10000-99999
> # idmap config IFPOAD:backend = ad
> # idmap config IFPOAD:schema_mode = rfc2307
> # idmap config IFPOAD:range = 10000-99999
< # idmap config IFPOAD : backend = rid
< # idmap config IFPOAD : range = 10000-999999
> idmap config IFPOAD : backend = rid
> idmap config IFPOAD : range = 10000-999999
< # winbind nss info = template
< # template shell = /bin/bash
> winbind nss info = template
> template shell = /bin/bash
> template homedir = /Users/%U
> # winbind nss info = rfc2307
< winbind nss info = rfc2307
< unix extensions = no
> # unix extensions = no
< #username map = /usr/local/samba/etc/user.map
> username map = /usr/local/samba/etc/user.map
To unsubscribe from this list go to the following URL and read the