winbindd_idmap.tdb recovery

Martin.Sheppard at Martin.Sheppard at
Sat Feb 9 23:39:08 GMT 2002

I'll just add my 2 cents into this discussion. I know it wouldn't suit
everybody, but in my organisation it would seem that the most appropriate
place to store the UID mapping is by having a UID field for user objects in
Active Directory. That way you get a consistent mapping across the
organisation without going to the trouble of writing your own distributed
database. It also gives you the possibility of looking at using either
nss_ldap or winbind on the clients depending on which is more appropriate. 

Has any thought been given to having winbind be able to operate in this way?



-----Original Message-----
From: Jean Francois Micouleau [mailto:Jean-Francois.Micouleau at]
Sent: Friday, February 08, 2002 5:08 PM
Cc: 'samba-technical at'
Subject: RE: winbindd_idmap.tdb recovery

The only other 'automatic' way I see around this is to go ahead and assign
on a 1st come 1st serve basis, but require all the samba member servers in a
particular domain to know about each other, and implement some sort of
winbindd_idmap multiple master scheme, where if you didn't find a local map
for the sid comming in, before you did the mapping, you checked with your
'samba ring' to see if the sid had been mapped anywhere else, and use
the same mapping.  And with all the syncronization problems, etc. this could
be a nightmare to bulletproof.

Thanks for continuing the conversation!

More information about the samba-technical mailing list