RE: [Samba] Retry: Mapping AD domain users to UNIX users - Samba

This is a discussion on RE: [Samba] Retry: Mapping AD domain users to UNIX users - Samba ; Bless you Hans! I've been trying to figure this out for a while now. I did not know that idmap_nss existed! > -----Original Message----- > From: samba-bounces+mikes=hartwellcorp.com@lists.samba.org > [mailto:samba-bounces+mikes=hartwellcorp.com@lists.samba.org] > On Behalf Of Hansjörg Maurer > Sent: Wednesday, January 23, ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: RE: [Samba] Retry: Mapping AD domain users to UNIX users

  1. RE: [Samba] Retry: Mapping AD domain users to UNIX users

    Bless you Hans! I've been trying to figure this out for a while now. I did not know that idmap_nss existed!

    > -----Original Message-----
    > From: samba-bounces+mikes=hartwellcorp.com@lists.samba.org
    > [mailto:samba-bounces+mikes=hartwellcorp.com@lists.samba.org]
    > On Behalf Of Hansjörg Maurer
    > Sent: Wednesday, January 23, 2008 5:20 AM
    > To: Nigel.Pain@scotland.gsi.gov.uk
    > Cc: samba@lists.samba.org
    > Subject: Re: [Samba] Retry: Mapping AD domain users to UNIX users
    >
    > Hi
    >
    > with recent (< =3.0.26 I think) samba Versions it is possible to use
    >
    > http://us3.samba.org/samba/docs/man/...map_nss.8.html
    >
    > idmap domains = DOMNAME
    > idmap config DOMNAME:backend = nss
    > idmap config DOMNAME:readonly = yes
    >
    > in our case.
    >
    > We are running 3.0.28 in security = ADS,
    > and Linux gets the same usernames from NIS vis nss.
    >
    > They are correctly mapped , and zhe windows security dialog shows
    > DOMNAME\username
    >
    > Regards
    >
    > Hansjörg
    >
    >
    >
    >
    > Nigel.Pain@scotland.gsi.gov.uk wrote:
    > > Further information:
    > >
    > > Someone suggested that the problem might be because of the

    > AD user names
    > > being uppercase, which could be resolved with a usermap

    > file. There are
    > > some AD user IDs that are uppercase (whereas all the UNIX ones are
    > > lowercase). However, I thought that the automatic mapping

    > took care of
    > > that? Also, I wanted to avoid having an explicit usermap

    > file as that's
    > > one extra thing to manage. Maybe I'm expecting too much of Samba?
    > >
    > > I tried configuring for a usermap file and adding an account mapping
    > > into it. However, the security properties on the Windows side still
    > > display the account in the form:
    > >
    > > u123456 (Unix User\u123456)
    > >
    > > Regards,
    > > Nigel
    > >
    > > ----------------------------------------
    > > Nigel Pain
    > > The Scottish Government
    > > Corporate Systems Support
    > > Information Systems and Information Services (ISIS)
    > > Victoria Quay
    > > EDINBURGH
    > > EH6 6QQ
    > > UK
    > >
    > >
    > > ************************************************** ******
    > >
    > > This e-mail (and any files or other attachments transmitted

    > with it) is intended solely for the attention of the
    > addressee(s). Unauthorised use, disclosure, storage, copying
    > or distribution of any part of this e-mail is not permitted.
    > If you are not the intended recipient please destroy the
    > email, remove any copies from your system and inform the
    > sender immediately by return.
    > >
    > >
    > >
    > > Communications with the Scottish Government may be

    > monitored or recorded in order to secure the effective
    > operation of the system and for other lawful purposes. The
    > views or opinions contained within this e-mail may not
    > necessarily reflect those of the Scottish Government.
    > >
    > > ************************************************** ******
    > >
    > >
    > > The original of this email was scanned for viruses by the

    > Government Secure Intranet virus scanning service supplied by
    > Cable&Wireless in partnership with MessageLabs. (CCTM
    > Certificate Number 2007/11/0032.) On leaving the GSi this
    > email was certified virus free.
    > > Communications via the GSi may be automatically logged,

    > monitored and/or recorded for legal purposes.
    > >

    >
    > --
    > __________________________________________________ _______________
    >
    > Deutsches Zentrum fuer Luft- und Raumfahrt e.V.
    > in der Helmholtz-Gemeinschaft
    >
    > Institut fuer Robotik und Mechatronik
    >
    > Dr. Hansjörg Maurer
    >
    > LAN- und Systemmanager
    >
    > Münchner Strasse 20
    > 82234 Wessling
    > Germany
    >
    > Telefon: 08153/28-2431
    > Telefax: 08153/28-1134
    >
    > E-Mail: Hansjoerg.Maurer@dlr.de
    > Internet: http://www.robotic.dlr.de/
    >
    > __________________________________________________ ________________
    >
    >
    > There are 10 types of people in this world,
    > those who understand binary and those who don't.
    >
    > --
    > To unsubscribe from this list go to the following URL and read the
    > instructions: https://lists.samba.org/mailman/listinfo/samba
    >

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] Retry: Mapping AD domain users to UNIX users

    About two months ago I actually tried setting up an enviornment in vmware
    with samba plus using active directory RFC 2307 schema extensions to get
    username information mapped properly between multiple nfs and samba servers.

    I failed because I think documentation at that time using idmap_nss was
    lacking. I found lots of winbind howtos and documentation, but very
    little regarding what I wanted to do. I would definately use the latest
    samba (3.0.25+), even though installing it on solaris is a nightmare, you'll
    be better off in the long run.

    Has anyone successfully done this? I got everything working including
    kerberos and joining the domains, except for a proper smb.conf file.
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread