samba idmap rfc2307/SFU and others

Michael Adam obnox at samba.org
Fri Jan 23 09:02:22 GMT 2009


zeropoint wrote:
> 
> I agree, I feel this is the best approach and I do understand the conflicts
> that could arise. I just thought maybe have 2 different ID map ranges kind of
> like you can have different ID maps for different domains.

But even if you could specify a second, disjoint range for allocating
ids for those users that did not get an ID out of SFU/rfc2307:
What happens when the AD admin decides that a user that did
formerly not have a unix ID should now have a UID in the posix
attributes? Should samba drop its allocated UID for this user?
This would lead to problems since the files on disk are stored
with the uid, not the name, of the owner and would now belong to
a different user (ID) than expected. The alternative to ignore
new settings in SFU is also not satisfying. So trying to mix these
two sources of UnixIDs for one domain inevitably leads to problems.

> Thanks for the info, I'll stop my endless testing and searching.

Yep, I think this is best.

Cheers  - Michael


> simo-7 wrote:
> > 
> > On Fri, 2009-01-23 at 02:37 +0200, Sassy Natan wrote:
> >> at the moment samba doesn't have support for the rfc2307
> >> 
> >> the posix account schema class is not in the samba schema (yet)
> >> This means you can not have unix machine grab the info from the samba
> >> machine
> >> 
> >> you can use winbind, but I guess the nss_ldap is much better for this
> >> task
> >> 
> >> sassy
> >> 
> >> On Fri, Jan 23, 2009 at 2:27 AM, zeropoint <jpsergent at gmail.com> wrote:
> >> 
> >> >
> >> > I have samba setup and working very well with SFU r2 rfc2307, and I am
> >> > pleased with how it is working. I am making a file server for a mixed
> >> > environment, linux and windows. I was wondering if anybody knew if it is
> >> > possible for samba to allocate UIDs and GIDs on users and groups that do
> >> > not have the services for unix tab populated in the active directory. I
> >> > want to avoid "needing" to populate that tab for users that don't use
> >> > linux/unix systems, but do want access to the file server from windows.
> >> > Thank you in advance.
> > 
> > Sassy, samba 3.x does support using rfc2307 against AD domain
> > controllers, what zeropoint is asking is something completely different.
> > 
> > Zeropoint, no what you ask cannot be done at this moment, and it would
> > lead to potential conflicts as your samba server may allocate ids later
> > on introduced in AD.
> > Although annoying it is certainly better to put all eggs in one basket
> > and add the posix attributes to all windows accounts that need to access
> > your samba server.
> > 
> > Simo.
> > 
> > 
> > -- 
> > Simo Sorce
> > Samba Team GPL Compliance Officer <simo at samba.org>
> > Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
> > 
> > 
> > 
> 

-- 
Michael Adam <ma at sernet.de>  <obnox at samba.org>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE
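
Added example, not part of the original thread and not Samba code: a small Python audit of the two failure cases discussed above, where a uidNumber that appears later in AD either replaces a uid the file server had already allocated to that user or collides with a uid allocated to someone else. All function names, user names and id values are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str    # "orphaned" or "collision"
    user: str
    detail: str


def audit_idmap(allocated, ad_uidnumber, file_owner_uids):
    """Compare locally allocated uids with uidNumber values now set in AD.

    allocated:       {user: uid} handed out locally by the file server
    ad_uidnumber:    {user: uidNumber} read from the AD posix attributes
    file_owner_uids: numeric owner uids actually present on disk
    """
    findings = []
    local_owner = {uid: user for user, uid in allocated.items()}
    for user, ad_uid in sorted(ad_uidnumber.items()):
        old = allocated.get(user)
        # Case 1: the user owned files under an allocated uid, AD now
        # assigns a different one, so those files no longer map to the user.
        if old is not None and old != ad_uid and old in file_owner_uids:
            findings.append(Finding(
                "orphaned", user,
                f"files owned by uid {old}, AD now says {ad_uid}"))
        # Case 2: AD assigns a uid that was allocated locally to another
        # account, so that account's files would appear to belong to this user.
        other = local_owner.get(ad_uid)
        if other is not None and other != user:
            findings.append(Finding(
                "collision", user,
                f"AD uidNumber {ad_uid} already allocated to {other}"))
    return findings


# Constructed sample state (assumption: local allocation range 20000+).
ALLOCATED = {"alice": 20001, "bob": 20002}
AD_UIDNUMBER = {"alice": 10500, "carol": 20002}   # set later by the AD admin
FILE_OWNER_UIDS = {20001, 20002}

if __name__ == "__main__":
    for f in audit_idmap(ALLOCATED, AD_UIDNUMBER, FILE_OWNER_UIDS):
        print(f"{f.kind:9} {f.user:6} {f.detail}")
```
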