s4: new classicupgrade and uids

steve steve at steve-ss.com
Fri Jun 22 04:35:03 MDT 2012

On 22/06/12 12:04, Andrew Bartlett wrote:
> On Fri, 2012-06-22 at 13:42 +0400, Sergey Urushkin wrote:
>> Hi.
>> 22.06.2012 12:11, Andrew Bartlett wrote:
>>> On Thu, 2012-06-21 at 16:43 +0400, Sergey Urushkin wrote:

> On primaryGroupID/gidNumber, we should carefully look at how that
> interaction works.

We take the primaryGroupID to be the group that that user creates files 
as when there is no acl set. e.g. in his home directory. We add the 
posixGroup class to the group and give it a gidNumber attribute which is 
related to the primaryGroupID. e.g. Domain Users we set to gidNumber 
20513 which relates to its primaryGroupID of 513. The low numbers of the 
primaryGroupID can collide with local Linux groups so adding say, 20000 
to it takes care of that whilst still making it readable (as opposed to 
the 3000000+ values for both uidNumber and gidNumber from idmap).

> On loginshell etc, the main issue with including
> them (which makes sense) is that at the moment, the s4 winbind won't
> honour them (the clients can of course).  I know this is a pain point,
> but it's also harder to fix (patches for this more difficult issue also
> welcome).

rfc2307 works well in the directory apart from uidNumber and gidNumber 
which still have to come from idmap even though we have them set in the 
directory. We have to set them in the directory and then change the xid 
values in idmap to correspond, otherwise s3fs sets file ownership 
according to idmap, not the values that are stored in the directory.

We are discussing the
idmap config DOMAIN : backend = rfc2307
on another thread. If that works it would be a big step forward.

Cheers and thanks for your time,
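
The consistency problem described in this message (a gidNumber stored in the directory, a separate xid held by idmap, and low RIDs that can collide with local Linux groups) can be audited offline. The following is an added example, not part of the original post or of Samba; the record layout, the function names and all sample values are constructed assumptions.

```python
OFFSET = 20000  # offset from the post: gidNumber = primaryGroupID (RID) + 20000


def rid_of(sid):
    """Return the RID, i.e. the last sub-authority of a SID string."""
    return int(sid.rsplit("-", 1)[1])


def audit_groups(directory, idmap, local_gids, offset=OFFSET):
    """Compare directory gidNumber values with idmap xids and local gids.

    directory  : list of dicts with cn, objectSid and optional gidNumber
    idmap      : dict mapping SID -> xid (hypothetical export of idmap data)
    local_gids : set of gids already used by local Linux groups
    Returns a list of (group name, problem) tuples.
    """
    findings = []
    for group in directory:
        name, sid = group["cn"], group["objectSid"]
        gid = group.get("gidNumber")
        if gid is None:
            findings.append((name, "no gidNumber in directory"))
            continue
        expected = rid_of(sid) + offset
        if gid != expected:
            findings.append((name, f"gidNumber {gid} is not RID+offset {expected}"))
        xid = idmap.get(sid)
        if xid != gid:
            # File ownership would follow idmap, not the directory value.
            findings.append((name, f"idmap xid {xid} differs from gidNumber {gid}"))
        if gid in local_gids:
            findings.append((name, f"gidNumber {gid} collides with a local group"))
    return findings


# Constructed sample data (placeholder domain SID).
DOM = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_DIRECTORY = [
    {"cn": "Domain Users", "objectSid": f"{DOM}-513", "gidNumber": 20513},
    {"cn": "Domain Admins", "objectSid": f"{DOM}-512", "gidNumber": 20512},
    {"cn": "staff", "objectSid": f"{DOM}-1105", "gidNumber": 100},
]
SAMPLE_IDMAP = {f"{DOM}-513": 3000012, f"{DOM}-512": 20512, f"{DOM}-1105": 100}
SAMPLE_LOCAL_GIDS = {0, 4, 27, 100}

if __name__ == "__main__":
    for name, problem in audit_groups(SAMPLE_DIRECTORY, SAMPLE_IDMAP, SAMPLE_LOCAL_GIDS):
        print(f"{name}: {problem}")
```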
