Consistent ID mapping

Sassy Natan sassyn at gmail.com
Wed May 13 13:02:23 GMT 2009


Dear Volker

Can you provide some more info about idmap_ad?
I searched Google and couldn't find a good starting point to learn about this
module.

A quick overview of my setup: I'm using Microsoft Windows Server
2003 RC2 with RFC2307, so all my users have UID and GID attributes
configured. On my Linux machine I have used LIBNSS_LDAP and PAM_KRB5, which
allow my users to authenticate based on their Active Directory user. Now
I have set up Samba3 on the server and made a simple share. When trying to
make the share compatible with CIFS NTFS-like permissions (Domain Users
having Full Control permission etc...) I get errors and everything seems
to fail. I guess this setup doesn't really know how to map SID to UID, so I
must use winbind.

Can you please provide a small example of how to configure a Samba share to
use RFC2307 with NTFS-style permissions (taking into account that the Linux
server is part of the domain, having NTP set up, pam module, nsswitch.conf
configured etc....).

My filesystem is XFS at the moment, but once I get that to work I
plan to move on to ZFS on Solaris.
Then my next goal is to check this via Samba4 instead of Micro$oft Server.


Thanks for the help
Sassy




On Tue, May 12, 2009 at 10:07 AM, Volker Lendecke <Volker.Lendecke at sernet.de> wrote:

> On Tue, May 12, 2009 at 08:58:13AM +0200, miguel.sanders at arcelormittal.com wrote:
> > Well the TDB files are not on the GPFS filesystem. Besides
> > ID mapping, is this mandatory to put this on the GPFS
> > filesystem?
>
> That's the point of ctdb: You do not *want* the tdb files on
> GPFS. Any clustered file system is several orders of
> magnitude too slow for the specific load Samba puts on its
> internal databases. That's why we developed ctdb.
>
> > I have been looking at the idmap_rid but afaik that's only
> > valid in a single AD domain configuration. (I have
> > multiple...)
>
> No, it isn't. At least in 3.2 and beyond the RID backend can
> easily work with more than one domain.
>
> Volker
>


More information about the samba-technical mailing list