Design flaw winbindd idmapping?
idra at samba.org
Thu Jul 13 15:40:10 GMT 2006
On Thu, 2006-07-13 at 17:16 +0200, Volker Lendecke wrote:
> On Thu, Jul 13, 2006 at 12:04:09AM -0400, simo wrote:
> > Can't you just use the values set in ad ?
> > I do not see where the conflict lies.
> Winbind nested groups are local to the domain member or
> trusting DC and thus can very well conflict with the local
> groups on a domain controller. Maybe we really need a range
> separate for them.
You mean the local builtin groups or local machine SID groups ?
I think we should have a way to associate different idmap backends with
different configurations to different domains. This would handle this
case too, you will just need to configure things like:
and so on ...
Samba Team GPL Compliance Officer
email: idra at samba.org
More information about the samba-technical