[Samba] SAMBA ADS to NIS mapping - Samba

This is a discussion on [Samba] SAMBA ADS to NIS mapping - Samba ; I am working in an environment with an HP-UX NIS that my Red Hat ES 4.x system is using for Unix access controls. My Red Hat system is serving as an NFS server for the HP-UX users who also could ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: [Samba] SAMBA ADS to NIS mapping

  1. [Samba] SAMBA ADS to NIS mapping

    I am working in an environment with an HP-UX NIS that my Red Hat ES 4.x
    system is using for Unix access controls.

    My Red Hat system is serving as an NFS server for the HP-UX users who also
    could be Windows users coming from a Windows Server 2003 active directory.

    I have tested some configurations of SAMBA using winbind, but I don't get
    the results I want. What happens when using winbind (via authconfig) is
    that if I have the template directory for homedir configured as per below,
    the home directory must be owned by REALM\user, rather than mapping over to
    the NIS user owned directory in the same location. For now, I've disabled
    winbind since we don't actually have need for it outside of helping to map
    usernames from Windows ADS to Unix NIS (if we are actually supposed to use
    it there).

    What I want to have happen is that REALM\username maps over to a user from
    the NIS. As an example, what I am expecting is that I need to have an
    smbpasswd file that includes all of the users from my NIS. I have done that
    via instructions taken from
    http://www.redhat.com/docs/manuals/l...-guide/s1-samb
    a-configuring.html that instruct to do:

    ypcat passwd | mksmbpasswd.sh > /etc/samba/smbpasswd


    I have set username map = /etc/samba/smbusers and have added a few specific
    users (for testing) to the mapping there with unixname = windowsname for
    the users I am testing on.


    The Red Hat server has been joined to the Windows domain, kerberos is
    working fine, and when I have winbind running I can successfully use wbinfo
    -g or wbinfo -u to dump the group or user names. (Though I have winbind off
    at the moment).

    Again though, what I really want to have happen is for windows usernames to
    be mapped over to NIS usernames so that when a Windows user attempts to
    access their home directory they will be able to.


    Anyone able to help clear up my confusion here and point me in the proper
    direction to have names from one side mapped to names on the other side?




    Snippets from smb.conf
    [global]
    security = ADS
    username map = /etc/samba/smbusers

    # WINBIND stuff
    template homedir = /exports/home/%u
    template shell = /bin/bash

    #============================ Share Definitions
    ==============================
    # idmap uid = 16777216-33554431
    # idmap gid = 16777216-33554431
    idmap uid = 16777216-33554431
    idmap gid = 16777216-33554431
    password server = WINDOWSPASSWORDSERVER
    realm = REALM
    # winbind use default domain = no



    Thanks in advance!


    Bcd


    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. RE: [Samba] SAMBA ADS to NIS mapping


    D'oh! I think I have things figured out actually, but have a remaining
    issue to unburden if someone is able to help.

    First, the username mapping (without winbind in effect) seems to be working
    for me now. I had thought it wasn't functioning properly because when I
    browsed to \\sambaserver I would see my named folder (home directory there)
    showing up, but couldn't access same.

    I was not paying enough attention to see that the real problem there is that
    samba was trying to map my home folder based on the path noted in the NIS (
    which is just /home/username ) rather than the path that the samba server is
    using to get there currently ( /exports/home/username )

    I updated the path under the [homes] tag in the samba.conf to get that
    resolved and woohoo! Things work there now.


    But, I'm left with a final issue, or what I think is a final issue.

    My Windows names typically do not exactly match the Unix usernames. As an
    example I have users in Windows in the following format:
    FirstInitialMiddleInitialLastname so Joe The User would be JTUSER. Over on
    Unix I have that same user as JUSER.

    During earlier testing, even with the smbusers file noting that juser =
    REALM\jtuser jtuser the mapping that samba was doing for the home directory
    always seemed to be attempting to go to a folder named after the windows
    user, rather than one named after the NIS username.

    How do I make sure that the home directory that is shown is the properly
    named NIS username folder, rather than one that doesn't exist (the longer
    windows named folder)?


    Thanks in advance again for helping to clear this all up for me.


    Bcd



    -----Original Message-----
    From: samba-bounces+barry.dowell=ai-solutions.com@lists.samba.org
    [mailto:samba-bounces+barry.dowell=ai-solutions.com@lists.samba.org] On
    Behalf Of Barry Dowell
    Sent: Thursday, July 05, 2007 6:24 PM
    To: samba@lists.samba.org
    Subject: [Samba] SAMBA ADS to NIS mapping

    I am working in an environment with an HP-UX NIS that my Red Hat ES 4.x
    system is using for Unix access controls.

    My Red Hat system is serving as an NFS server for the HP-UX users who also
    could be Windows users coming from a Windows Server 2003 active directory.

    I have tested some configurations of SAMBA using winbind, but I don't get
    the results I want. What happens when using winbind (via authconfig) is
    that if I have the template directory for homedir configured as per below,
    the home directory must be owned by REALM\user, rather than mapping over to
    the NIS user owned directory in the same location. For now, I've disabled
    winbind since we don't actually have need for it outside of helping to map
    usernames from Windows ADS to Unix NIS (if we are actually supposed to use
    it there).

    What I want to have happen is that REALM\username maps over to a user from
    the NIS. As an example, what I am expecting is that I need to have an
    smbpasswd file that includes all of the users from my NIS. I have done that
    via instructions taken from
    http://www.redhat.com/docs/manuals/l...-guide/s1-samb
    a-configuring.html that instruct to do:

    ypcat passwd | mksmbpasswd.sh > /etc/samba/smbpasswd


    I have set username map = /etc/samba/smbusers and have added a few specific
    users (for testing) to the mapping there with unixname = windowsname for
    the users I am testing on.


    The Red Hat server has been joined to the Windows domain, kerberos is
    working fine, and when I have winbind running I can successfully use wbinfo
    -g or wbinfo -u to dump the group or user names. (Though I have winbind off
    at the moment).

    Again though, what I really want to have happen is for windows usernames to
    be mapped over to NIS usernames so that when a Windows user attempts to
    access their home directory they will be able to.


    Anyone able to help clear up my confusion here and point me in the proper
    direction to have names from one side mapped to names on the other side?




    Snippets from smb.conf
    [global]
    security = ADS
    username map = /etc/samba/smbusers

    # WINBIND stuff
    template homedir = /exports/home/%u
    template shell = /bin/bash

    #============================ Share Definitions
    ==============================
    # idmap uid = 16777216-33554431
    # idmap gid = 16777216-33554431
    idmap uid = 16777216-33554431
    idmap gid = 16777216-33554431
    password server = WINDOWSPASSWORDSERVER
    realm = REALM
    # winbind use default domain = no



    Thanks in advance!


    Bcd


    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread