Hey all,
Don't know if there's any Samba guru's here but I figured it's
worth posting to see as I'm stumped.
I have 4 servers running Samba.
The First is Acting as a PDC with roaming profile logons as well as an
LDAP server. I am using the smbldap-tools to administer the two.
That works great.
I also have 3 other network file servers that are mapped to use LDAP
from the PDC for posix account info. I set the smb.conf on each of them
to use LDAP for sambaSamAccount info also via below:
# Specifying ldapsam backend database
####################################################
passdb backend = ldapsam:ldaps://my.pdc.servername.com
username map = /etc/samba/smbusers
# OpenLDAP stuff is defined here
###################################################
ldap suffix = dc=my,dc=pdc,dc=servername,dc=com
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Users
ldap admin dn = uid=Admin,ou=Users,dc=my,dc=pdc,dc=servername,dc=com
ldap ssl = On
ldap passwd sync = Yes
idmap uid = 150000-550000
idmap gid = 150000-550000
Now the accounts can log in fine with single point LDAP user management
from all the systems posix, samba or otherwise. The problem I am having
is the SID from the PDC box is what is used to generate the data in the
users sambaSID LDAP entry. As a result, The "Owner" field in the
Windows file Explorer is correct for the homes share from the PDC in
that it displays the "workgroup\joeuser" posix name. Shares mapped from
the file servers show the long
S-1-5-21-1234567890-1234567890-1234567890-2308 (with the last four being
the rid?) where the first part is the SID from the PDC as the "Owner".
Is there a way to make these display the right posix name also instead
of the long non-useful sambaSID?
Thanks!!
Mike Branda Jr.
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 15:43:04 EDT