Nerdio 10-11-2011 03:14 AM

Samba : Mapping User home directories, and forcing UIDs and GIDs
I have set up a Linux Box (RHEL 3) to test Samba/Kerberos/Winbind authenticating against a Windows 2003 R2 Active Directory. This all works fine now. My next step is to resolve a few 'odd' issues, so I can look to deploy this on 'live' servers. Can somebody give me some pointers / guidance on how I might be able to overcome the following;

1) The 'live' linux boxes already have accounts on them with local authentication. For example, user Fred Bloggs logs in as fredb, with a home directory of /usr/users/fredb. However, for reasons that are too long-winded to explain, Fred's domain login is bloggsf. What I would like to be able to achieve is that Fred logs into the linux box with his domain credentials and is given his existing home directory of /usr/users/fredb. I am really not sure how this could be done. (NOTE : As an extra twist, the live servers use LDAP for authentication now, and the home directories are on a different server, or at least a partition from there is mounted locally).

2) Because of the way we work, users can switch their Group membership, depending on what they are working on. Users switch groups by running a simple script. Now, I am presuming that since I am authenticating against AD, then the UID and GID are stored within AD. Is it right to assume that if I change my GID on the Linux box, then Samba will replicate this change onto AD? (I guess I could try this, but don't have all the scripts available on my test server at the moment).

Many thanks in anticipation.

ostrosky.jeremiah 10-19-2011 11:14 AM

I believe you can achieve this with the smbusers file. It holds mappings of logins to unix usernames. For example, my username on my XP laptop and Linux box are both 'jeremiah' so a line in mine reads:

jeremiah = jeremiah

Not the greatest example I know because the logins are the same but yours would go something like:

bloggsf = fredb

There are some good links with tons of useful info (better than poring through man pages). Here's a few I used setting up my first samba server.

Like I said, I'm no expert but I've managed to get a Samba server up and running and authenticating properly and I believe what you are attempting to do is possible, just gonna have to toy around with it some. There should also be a way to force UID/GID or permissions on the shares.
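The mapping discussed in this reply, written out as an added configuration example (not part of either poster's setup) that follows the map format documented in smb.conf(5): the UNIX name on the left, the client name(s) on the right. The file path and the domain name EXAMPLE are assumptions.

```ini
; --- smb.conf ---
[global]
    security = ads
    ; Path is an assumption; use wherever your distribution keeps the map file.
    username map = /etc/samba/smbusers

; --- /etc/samba/smbusers (a separate file, shown here for reference) ---
; Format: unix_name = client_name [client_name ...]
; With ADS or domain security the map is applied after the domain controller
; has authenticated the user, so the client name must be fully qualified.
; EXAMPLE is a placeholder for the real domain name.
; Every entry decides which UNIX account a session runs as, so keep this
; file owned by root and writable by root only.
fredb = EXAMPLE\bloggsf
```

The map is read by smbd for SMB connections only; it does not change which account a shell or PAM login through winbind resolves to.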

Nerdio 10-20-2011 02:56 AM

Thanks for your reply, this was just the kind of lead I needed from my fairly vague question.

I have tried this, but to no avail. As you suggest though it just needs some tinkering I am sure. To that end I have created a new, more specific thread to cover the issue of mapping home directories, which is here;

