Samba4 patch for manipulating Unix attributes via ADUC
robert.colquhoun at gmail.com
Sun Jul 15 00:01:52 MDT 2012
On Sat, Jul 14, 2012 at 10:05 PM, Andrew Bartlett <abartlet at samba.org> wrote:
> The issue is doing this in a distributed way that is safe on a mix of AD
> implementations including Samba and Microsoft.
> So far, the only safe allocation mechanism is the RID allocation
Oh so need to stay 100% compatible with the microsoft implementation?
That does make adding custom functionality needed for unix clients
much more difficult.
Guessing RID allocation works as their is a single master to allocate
RIDs for the domain...its not really distributed as such is it? Maybe
i have misunderstood but if you implement this is there any point
adding uidNumber and gidNumber entries, shouldn't these values be
calculated direct from from the user/groups sid?
With RID allocaton scheme imagine there will be problems migrating
existing samba 3 or unix users that already have a uid/gid allocated
that could easily fall outside the RID allocated range. Also
sometimes unix users are created with identical uid/gid combination to
another unix user(a sort of alias) i don't imagine AD will like that
(Sorry if above questions are a bit ignorant, am new to this)
More information about the samba-technical