Samba4 patch for manipulating Unix attributes via ADUC
abartlet at samba.org
Wed Jul 11 19:11:42 MDT 2012
On Wed, 2012-07-11 at 23:55 +0200, Gémes Géza wrote:
> The attached patch makes it possible to provision in a way
> (--fake-ypserver=yes) that allows manipulating the Unix attributes of
> users/groups via ADUC.
> It does that by provisioning as if it would be used by the MS NIS server.
> Please review the attached patch.
It certainly looks like a good idea, and I really appreciate getting
patches for important practical administration issues such as this.
I have a few questions/concerns:
How does the max uid/gid thing work, particularly with distributed user
creation? (This is why we never tried this before, because we were told
that no such mechanism existed).
We need to ensure the default for these values is sensible for s3
upgrades, and is somehow correlated with the default idmap range
I think that this should be tied to setting 'use rfc2307' by default in
the smb.conf, and we should probably refer to it as NIS or NIS/YP rather
than YP. To avoid adding too many different parameters to provision,
the NIS domain should just be the netbios domain name (folks can always
change it later if need be).
The other UID allocation scheme we should consider is the
trustPosixOffset and RID scheme.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical