samba 4 idmap problem

Kai Blin kai.blin at gmail.com
Wed Oct 6 23:42:19 MDT 2010


On 2010-10-06 17:35, Taylor, Jonn wrote:
> Seems that each system is making up its own id's. Both the CentOS and
> Fedora systems have the same idmap settings.
> 
>    idmap uid = 3000000-4000000
>    idmap gid = 3000000-4000000

That means you're not setting an idmap backend, so this defaults to
"tdb" on the 3.5 boxes. In turn, this means that all three systems are
creating id mappings on an as-needed basis, creating uids and gids in
the order of the users/groups that request ids.

Unless you use some scheme that keeps the unixids in sync across the
network, you'll always be seeing this. Possible solutions include using
the "rid" backend to idmap, which will add the sid's RID part to the
idmap base. If you only have users coming in from one domain, that
should be fine for the 3.5 boxes.

The Samba4 idmap implementation is less sophisticated and only knows
about the "tdb"-like counting up unixids. Nothing much that can be done
about this right now. We're currently investigating the most viable way
to fix this.

Cheers,
Kai

-- 
Kai Blin
Worldforge developer http://www.worldforge.org/
Wine developer http://wiki.winehq.org/KaiBlin
Samba team member http://www.samba.org/samba/team/
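
Added example, not part of the original message and not Samba code: a small Python model of the two schemes described above. It shows why per-host first-come allocation gives the same SID different unix ids on different hosts, while a mapping derived from the RID does not. The SIDs, request orders and the `base_rid` parameter of the model are constructed assumptions.

```python
# Added illustration (not Samba code). SIDs and request orders are constructed.

RANGE_LOW, RANGE_HIGH = 3000000, 4000000   # "idmap uid" range from the thread


class TdbLikeAllocator:
    """Hands out the next free id to whichever SID asks first (per host)."""

    def __init__(self, low=RANGE_LOW, high=RANGE_HIGH):
        self.next_id, self.high, self.table = low, high, {}

    def sid_to_unixid(self, sid):
        if sid not in self.table:
            if self.next_id > self.high:
                raise RuntimeError("idmap range exhausted")
            self.table[sid] = self.next_id
            self.next_id += 1
        return self.table[sid]


def rid_like_unixid(sid, domain_sid, low=RANGE_LOW, high=RANGE_HIGH, base_rid=0):
    """Deterministic mapping: range base plus the RID (last sub-authority)."""
    prefix, _, rid = sid.rpartition("-")
    if prefix != domain_sid:
        raise ValueError("SID is not in the configured domain")
    unixid = low + int(rid) - base_rid
    if not low <= unixid <= high:
        raise ValueError("RID maps outside the configured range")
    return unixid


def compare_hosts(domain_sid, order_a, order_b):
    """Return {sid: (id_on_host_a, id_on_host_b, rid_based_id)}."""
    host_a, host_b = TdbLikeAllocator(), TdbLikeAllocator()
    for sid in order_a:
        host_a.sid_to_unixid(sid)
    for sid in order_b:
        host_b.sid_to_unixid(sid)
    return {s: (host_a.table[s], host_b.table[s], rid_like_unixid(s, domain_sid))
            for s in order_a}


# Constructed sample data: one domain, three accounts, different request order.
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
ALICE, BOB, CAROL = (f"{DOMAIN}-{rid}" for rid in (1104, 1105, 1110))

if __name__ == "__main__":
    for sid, ids in compare_hosts(DOMAIN, [ALICE, BOB, CAROL], [CAROL, ALICE, BOB]).items():
        print(sid.rsplit("-", 1)[1], ids)
```

The model rejects SIDs from any other domain, which matches the message's caveat that the RID-based scheme is fine only when users come in from one domain.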

