[Samba] SaMBa 4.16.4 adds users to ACLs as groups
Rowland Penny
rpenny at samba.org
Tue Jun 13 09:26:27 UTC 2023
On 13/06/2023 10:03, Ralph Boehme via samba wrote:
> Hi!
>
> On 6/13/23 00:57, Tamás Németh via samba wrote:
>> But why does SaMBa 4.16.4 do what is does, when back then SaMBa 4.6.5
>> didn't do it yet?
>
> hm, afair this should have worked that way in 4.6.5 as well. If it
> didn't, that was probably a bug.
>
> The reason for this feature, is that this allows storing Windows groups
> as file owner as well Windows to Linux identity mapping type to change
> from user to group which happens as part of SID history.
>
> -slow
>
>
Hang on, I have just had another thought (yes, I know, dangerous)
From my understanding, a Samba AD DC uses idmap.ldb because it allows
groups to be set as 'ID_TYPE_BOTH'.
Now that it is known that AD groups on a Unix domain member can do the
same without 'idmap.ldb', is there any other reason to stick with
idmap.ldb on a Samba AD DC ?
Rowland
More information about the samba
mailing list