Discussion:
[Samba] winbind using active directory's unix attributes
ORTEGA DOMINGUEZ, GONZALO
2014-11-19 08:07:37 UTC
We have Windows AD configured with Identity for Unix so Windows users
have their uid and gid set in the Unix Attributes tab of the Active
Directory.

The AIX server is joined to the AD successfully.

How can you make Samba (winbind) use the Windows user's uid and gid
set in the Active Directory's Unix Attributes tab?

I have tested several configurations but when I set permissions in Samba
shares from Windows clients on the AIX server I cannot get it to set the
uid and gid configured in the Active Directory's Unix Attributes tab.



Gonzalo Ortega
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Jakub Kulesza
2014-11-20 09:16:05 UTC
I had a similar problem on a server that needed proper PAM to verify users
for PostgreSQL users. What I did was set up OpenLDAP working as a
proxy for the Samba4 internal LDAP and nss_ldap as a PAM plugin.

https://wiki.samba.org/index.php/Authenticating_other_services_against_AD
this is relevant.

What version of Samba do you use? Can you post your smb.conf? Do you have
acl and user_xattr enabled on your filesystem?

--
Pozdrawiam
Jakub Kulesza
ORTEGA DOMINGUEZ, GONZALO
2014-11-20 14:39:18 UTC
Hi,



I’m using Samba 3.5.8 on AIX.

Windows users can authenticate on my Linux servers configured as LDAP clients with Windows AD servers configured with Identity for Unix, so what I want is to use the LDAP Unix attributes sid and gid so I can keep the same permissions on all servers (AIX + Linux).

I’m testing this configuration right now:

    idmap backend = tdb
    idmap config DOMAIN : backend = ad
    idmap config DOMAIN : range = 65536-999999999
    idmap config DOMAIN : schema_mode = rfc2307



and it looks like it works: on the AIX server I see the file’s permissions set with the user’s AD Unix attributes (uid and gid), and when I access the file from Windows I see the permission with the Windows user name.



Thanks!



Gonzalo Ortega
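
A pre-deployment check for the configuration posted above, as an added example that is not part of the original thread: the idmap_ad manual page documents the range as a filter, so an account whose uidNumber or gidNumber is unset or falls outside 65536-999999999 gets no mapping. The account names and ID values below are constructed; in practice they would come from an export of the AD attributes.

```python
import re

# Constructed sample: the idmap lines from the post, placed in a [global] section.
SMB_CONF = """\
[global]
    idmap backend = tdb
    idmap config DOMAIN : backend = ad
    idmap config DOMAIN : range = 65536-999999999
    idmap config DOMAIN : schema_mode = rfc2307
"""

# Constructed accounts: (name, uidNumber, gidNumber) as set in the Unix
# Attributes tab; None means the attribute is not populated in AD.
ACCOUNTS = [
    ("alice", 70001, 70000),
    ("bob", 1001, 70000),      # uidNumber below the configured range
    ("carol", None, 70000),    # no uidNumber set
]

# Matches only active "idmap config DOMAIN : option = value" lines.
IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*([\w ]+?)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {option: value}} for every 'idmap config' line."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            dom, key, val = m.groups()
            domains.setdefault(dom.upper(), {})[key.lower()] = val
    return domains

def check_accounts(conf_text, domain, accounts):
    """List (name, attribute, reason) for IDs the ad backend would not map."""
    opts = parse_idmap(conf_text).get(domain.upper(), {})
    if opts.get("backend") != "ad" or "range" not in opts:
        raise ValueError(f"{domain}: no 'ad' backend with a range configured")
    low, high = (int(x) for x in opts["range"].split("-"))
    problems = []
    for name, uid, gid in accounts:
        for attr, value in (("uidNumber", uid), ("gidNumber", gid)):
            if value is None:
                problems.append((name, attr, "missing"))
            elif not low <= value <= high:
                problems.append((name, attr, f"{value} outside {low}-{high}"))
    return problems

if __name__ == "__main__":
    for name, attr, why in check_accounts(SMB_CONF, "DOMAIN", ACCOUNTS):
        print(f"{name}: {attr} {why}")
```

Accounts it reports should be fixed in AD, or the range widened, before relying on file permissions being consistent across the AIX and Linux servers.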


