[Samba] PAM Offline Authentication in Ubuntu 22.04

Rowland Penny rpenny at samba.org
Wed Jun 28 17:03:05 UTC 2023



On 28/06/2023 12:32, Marco Gaiarin via samba wrote:
> Hello! Markus Dellermann via samba
>    On that day it was said...
> 
>>> No, I cannot try RID, or at least I'll need to set up a different test
>>> domain...
>> No, I've meant only one client for testing...
> 
> OK, but if I set up RID on the client/workstation and rfc2307 on the
> server/AD, I'll simply get incoherent mappings, right?

Well, yes, but I think it was more for testing purposes, so it shouldn't 
really matter in that case.

> 
> Rowland, can I really use rid on a client and rfc2307 on the domain? I'm
> thinking about this, and probably yes... at least for a portable system
> where plausibly I don't need NFS...

A client does not care what is in AD (provided there is something there); 
it relies on the idmap backend to tell it how to get the Unix IDs. The 
'ad' idmap backend 'pulls' the rfc2307 attributes from AD and the 'rid' 
idmap backend uses the RID to calculate the Unix ID. This means that you 
can use different backends on different machines and it will work.
If you stop and think about it, Windows doesn't use any idmap backend, 
but if you copy a file from a Samba machine to a Windows machine, it 
retains its ownership.

Rowland
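
The mapping behaviour discussed in this message, as an added example that is not part of the original post: it models the 'rid' backend with the formula from the idmap_rid manual page (ID = RID - BASE_RID + LOW_RANGE_ID) and the 'ad' backend as a lookup of the uidNumber stored in AD. The domain SID, ranges, uidNumber value and function names are constructed for illustration.

```python
# Added illustration, not Samba code. All SIDs, ranges and uidNumbers are constructed.
from typing import Dict, Optional

DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed
USER_SID = DOMAIN_SID + "-1104"                            # constructed user

# Constructed stand-in for the rfc2307 uidNumber attribute held in AD.
AD_UIDNUMBER: Dict[str, int] = {USER_SID: 10001}


def rid_of(sid: str) -> int:
    """Return the RID, i.e. the last sub-authority of a SID string."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S":
        raise ValueError(f"not a SID: {sid!r}")
    return int(parts[-1])


def idmap_rid(sid: str, low: int, high: int, base_rid: int = 0) -> Optional[int]:
    """'rid' backend: calculate the Unix ID from the RID alone."""
    unix_id = rid_of(sid) - base_rid + low
    # An ID outside the configured range is left unmapped.
    return unix_id if low <= unix_id <= high else None


def idmap_ad(sid: str, directory: Dict[str, int], low: int, high: int) -> Optional[int]:
    """'ad' backend: use the uidNumber pulled from AD, if it is in range."""
    unix_id = directory.get(sid)
    if unix_id is None or not (low <= unix_id <= high):
        return None
    return unix_id


def compare(sid: str) -> Dict[str, Optional[int]]:
    """Same SID seen from a 'rid' laptop and an 'ad' server."""
    return {
        "laptop_rid": idmap_rid(sid, low=10000, high=999999),
        "server_ad": idmap_ad(sid, AD_UIDNUMBER, low=10000, high=999999),
    }


if __name__ == "__main__":
    # Different Unix IDs locally, but both are derived from the same SID.
    print(USER_SID, compare(USER_SID))
```

Each machine maps the SID to its own local Unix ID, so anything that exchanges raw Unix IDs between the two machines (NFS, as mentioned in the quoted question) would see the differing numbers.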


