[Samba] AD and Linux UID/GID best practices.

Sven Schwedas sven.schwedas at tao.at
Tue Feb 18 05:24:43 MST 2014


On 2014-02-18 13:03, Chan Min Wai wrote:
> On Tue, Feb 18, 2014 at 6:37 PM, Sven Schwedas <sven.schwedas at tao.at> wrote:
> 
>     Hi,
> 
>     On 2014-02-18 10:39, Chan Min Wai wrote:
>     > Dear All,
>     >
>     > I have some questions.
>     >
>     > When I create new users/groups in AD DC, it seems that I still need to add UID and GID in the unix attributes.
>     >
>     > Possible my setup on rfc2370.
>     > So I would like to check if there is any other way to do this without configuring UID and GID?
> 
>     Short answer: No.
> 
>     Long answer: Most certainly no, unless you don't need an AD in the first
>     place. If you're using neither Winbind nor SSSD and authenticate with
>     some hacked together LDAP adapter it might work, but you'll probably get
>     different UIDs/GIDs on different machines, which will create problems
>     sooner or later, and isn't half as reliable for authentication.
> 
>     >
>     > Thank you.
>     >
>     > Regards,
>     > Chan Min Wai
>     >
> 
>     --
>     Mit freundlichen Grüßen, / Best Regards,
>     Sven Schwedas
>     Systemadministrator
>     TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
>     Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
>     http://software.tao.at
> 
> 
> Hi Sven
> 
> Can we directly use the SID from samba (by removing the rfc2370 in this
> case)
> Oh we must have GID and UID set up manually (I meant at least need to add)

As far as I know, yes, GID and UID have to be allocated explicitly. SIDs
are used internally by Samba, but there's no stable mapping algorithm.

> 
> Thank you.
>   

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
http://software.tao.at
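
Since the reply above says UID and GID have to be allocated explicitly, an audit of the directory for accounts that were missed is a useful follow-up. The script below is an added example, not part of the original thread: it scans an LDIF export for user entries without `uidNumber` or `gidNumber` and for `uidNumber` values assigned to more than one user. It assumes plain-text, unfolded LDIF lines, and the sample entries are constructed.

```python
from collections import defaultdict

# Constructed sample export (not from a real directory); plain-text values only.
SAMPLE_LDIF = """\
dn: CN=alice,CN=Users,DC=example,DC=com
objectClass: user
sAMAccountName: alice
uidNumber: 10001
gidNumber: 10000

dn: CN=bob,CN=Users,DC=example,DC=com
objectClass: user
sAMAccountName: bob
gidNumber: 10000

dn: CN=carol,CN=Users,DC=example,DC=com
objectClass: user
sAMAccountName: carol
uidNumber: 10001
gidNumber: 10000
"""

def parse_ldif(text):
    """Return one {lowercased attribute: [values]} dict per LDIF entry."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            attr, sep, value = line.partition(": ")
            if sep and not line.startswith("#"):
                entry[attr.lower()].append(value.strip())
        entries.append(entry)
    return entries

def audit(entries):
    """Find users lacking uidNumber/gidNumber and uidNumbers shared by several users."""
    missing, by_uid = [], defaultdict(list)
    for e in entries:
        if "user" not in e["objectclass"]:
            continue
        name = e["samaccountname"][0]
        missing += [(name, a) for a in ("uidnumber", "gidnumber") if not e[a]]
        for uid in e["uidnumber"]:
            by_uid[uid].append(name)
    dupes = {uid: names for uid, names in by_uid.items() if len(names) > 1}
    return missing, dupes

if __name__ == "__main__":
    print(audit(parse_ldif(SAMPLE_LDIF)))
```

A shared `uidNumber` is worth treating as a finding in its own right, because two accounts with the same UID are indistinguishable to file permission checks on the Linux side.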
