[Samba] [Samba 4] Issues with uidNumber and gidNumber in AD for Linux clients
Andrew Bartlett
abartlet at samba.org
Wed Jan 23 19:27:04 MST 2013
On Wed, 2013-01-23 at 18:29 +0100, Fred F wrote:
> 2013/1/22 Gémes Géza <geza at kzsdabas.hu>:
> > I don't agree, because users can be members of multiple groups, not just the
> > group identified as their primary group
> Well, yes. That is not the point. Users can still be members of
> multiple groups (e.g. CN=Domain Admins,CN=Users,CN=DOMAIN), through
> the "member" attributes of the AD/LDAP nodes, but the actual issue
> here is that plain users do not show up in (CN=Domain
> Users,CN=Users,CN=DOMAIN), because "Domain Users" is set as the
> primary group directly. Additionally added groups show up on the Linux
> side as well, just not the primary group (with my approach).
>
> Any other thoughts? Isn't this scenario one of the most common usage
> scenarios ever? Serving both Windows and Linux? How come so little
> information is available about Samba4 with Linux clients?
That is because there isn't anything special about Samba 4.0 as an AD DC
with Linux clients that hasn't already been done for a Windows AD
domain.
The Samba Team recommends winbind as the AD client to use on Linux,
because it handles these and many other details much better than just
nss_ldap.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba
mailing list