
Re: [Samba] problem map uuid users and group




For the groups and users it is necessary to configure UNIX Attributes on the AD side and edit /etc/nsswitch.conf

passwd:     files winbind
shadow:     files winbind
group:      files winbind


After that, edit the Samba config to:

SERVER DC:
[global]
         netbios name = SRV-DC02
         realm = EXAMPLE.RU
         workgroup = EXAMPLE
         server role = active directory domain controller
         log level = 2 auth_json_audit:3


SHARE:
[global]
   netbios name = SRV-SHARE
   workgroup = EXAMPLE
   realm = EXAMPLE.RU
   server string = %h rsync host
   security = ads


14.06.2018 20:28, Rowland Penny via samba wrote:
On Thu, 14 Jun 2018 18:02:29 +0500
Шигапов Денис Вильданович via samba <samba@xxxxxxxxxxxxxxx> wrote:

Hi,
How can I make the user ID on the domain controller and the file server
the same?

SERVER DC:
[global]
          netbios name = SRV-DC02
          realm = EXAMPLE.RU
          workgroup = EXAMPLE
          server role = active directory domain controller
          log level = 2 auth_json_audit:3
          username map = /etc/samba/username_map
          vfs objects = acl_xattr
          store dos attributes = Yes

[root@srv-dc02 ~]# id vas.lah@xxxxxxxxxx
uid=3000416(EXAMPLE\vas.lah) gid=100(users)
группы=100(users),3000416(EXAMPLE\vas.lah),3000051(EXAMPLE\domain
admins),3000054(EXAMPLE\группа с запрещением репликации паролей
rodc),3000055(EXAMPLE\администраторы wsus),3000056(EXAMPLE\wsus
administrators),3000035(EXAMPLE\1c_links_ут),3000001(BUILTIN\users),3000000(BUILTIN\administrators),3000057(BUILTIN\performance
log users),3000043(BUILTIN\performance monitor users)



SHARE:
[global]
    netbios name = SRV-SHARE
    workgroup = EXAMPLE
    realm = EXAMPLE.RU
    server string = %h rsync host
    # server role = member server
    security = ads

[root@srv-share samba]# id vas.lah@xxxxxxxxxx
uid=3188138(EXAMPLE.RU\vas.lah) gid=3000513(domain users)
группы=3000513(domain users),3188138(EXAMPLE.RU\vas.lah),3109633(wsus
administrators),3034556(1c_links_ут),3111123(администраторы
wsus),3100572(группа с запрещением репликации паролей
rodc),3100512(domain admins),3153446(администратор 4
категории),3000001(BUILTIN\users),3000000(BUILTIN\administrators)

The first thing to do, remove these lines from the Samba AD DC:

          username map = /etc/samba/username_map
          vfs objects = acl_xattr
          store dos attributes = Yes

They have no place in a Samba AD DC smb.conf.

There is only one way to have the same IDs everywhere on Unix and that
is to use the winbind 'ad' backend. This entails giving your users &
groups uidNumber & gidNumber attributes, then run 'net cache flush' on
the DC, most IDs will change.

You then need to set up the smb.conf correctly on the Unix domain
member (yours is correct as far as it goes, it just doesn't go far
enough).

Can I suggest you read this:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Anything you don't understand, or have questions about, please ask.

Rowland
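
One way to check the result once the 'ad' backend is in place, as an added example that is not part of the thread: it parses `id` output from the DC and from the member and lists every user or group name whose numeric ID differs between the two. The sample lines are constructed by abridging the output quoted above, the function names are this example's own, and it assumes names contain no ')'.

```python
import re

# Constructed samples: abridged from the `id` output quoted in the thread.
DC_ID = (r"uid=3000416(EXAMPLE\vas.lah) gid=100(users) группы=100(users),"
         r"3000051(EXAMPLE\domain admins),3000056(EXAMPLE\wsus administrators),"
         r"3000001(BUILTIN\users)")
MEMBER_ID = (r"uid=3188138(EXAMPLE.RU\vas.lah) gid=3000513(domain users) "
             r"группы=3000513(domain users),3100512(domain admins),"
             r"3109633(wsus administrators),3000001(BUILTIN\users)")

# The third label is localised ("groups=" / "группы="), so match any label there.
LINE = re.compile(r"uid=(\d+)\(([^)]*)\)\s+gid=(\d+)\(([^)]*)\)(?:\s+[^\s=]+=(.*))?")
ENTRY = re.compile(r"(\d+)\(([^)]*)\)")  # one "id(name)" pair; names may hold spaces


def short_name(name):
    """Drop a DOMAIN\\ or REALM\\ prefix so both hosts' names compare; keep BUILTIN\\."""
    domain, sep, rest = name.partition("\\")
    if sep and domain.upper() != "BUILTIN":
        return rest.lower()
    return name.lower()


def parse_id(line):
    """Parse one line of `id` output into uid, primary gid and group map."""
    m = LINE.match(line.strip())
    if not m:
        raise ValueError("not `id` output: %r" % line)
    groups = {short_name(n): int(i) for i, n in ENTRY.findall(m.group(5) or "")}
    return {"uid": (int(m.group(1)), short_name(m.group(2))),
            "gid": (int(m.group(3)), short_name(m.group(4))),
            "groups": groups}


def id_mismatches(dc_line, member_line):
    """Return (kind, name, dc_id, member_id) for names mapped to different IDs."""
    dc, member = parse_id(dc_line), parse_id(member_line)
    found = []
    if dc["uid"][1] == member["uid"][1] and dc["uid"][0] != member["uid"][0]:
        found.append(("uid", dc["uid"][1], dc["uid"][0], member["uid"][0]))
    for name, gid in sorted(dc["groups"].items()):
        other = member["groups"].get(name)
        if other is not None and other != gid:
            found.append(("gid", name, gid, other))
    return found


if __name__ == "__main__":
    for kind, name, dc_id, member_id in id_mismatches(DC_ID, MEMBER_ID):
        print("%s mismatch for %s: DC=%d member=%d" % (kind, name, dc_id, member_id))
```

An empty result for the accounts that own data on the share is the state the 'ad' backend is meant to produce.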



