s4: new classicupgrade and uids
steve
steve at steve-ss.com
Fri Jun 22 04:35:03 MDT 2012
On 22/06/12 12:04, Andrew Bartlett wrote:
> On Fri, 2012-06-22 at 13:42 +0400, Sergey Urushkin wrote:
>> Hi.
>>
>> 22.06.2012 12:11, Andrew Bartlett wrote:
>>> On Thu, 2012-06-21 at 16:43 +0400, Sergey Urushkin wrote:
>
> On primaryGroupID/gidNumber, we should carefully look at how that
> interaction works.

We take the primaryGroupID to be the group that that user creates files
as when there is no acl set. e.g. in his home directory. We add the
posixGroup class to the group and give it a gidNumber attribute which is
related to the primaryGroupID. e.g. Domain Users we set to gidNumber
20513 which relates to its primaryGroupID of 513. The low numbers of the
primaryGroupID can collide with local Linux groups so adding say, 20000
to it takes care of that whilst still making it readable (as opposed to
the 3000000+ values for both uidNumber and gidNumber from idmap).

> On loginshell etc, the main issue with including
> them (which makes sense) is that at the moment, the s4 winbind won't
> honour them (the clients can of course). I know this is a pain point,
> but it's also harder to fix (patches for this more difficult issue also
> welcome).

rfc2307 works well in the directory apart from uidNumber and gidNumber
which still have to come from idmap even though we have them set in the
directory. We have to set them in the directory and then change the xid
values in idmap to correspond, otherwise s3fs sets file ownership
according to idmap, not the values that are stored in the directory.

We are discussing the
idmap config DOMAIN : backend = rfc2307
on another thread. If that works it would be a big step forward.

Cheers and thanks for your time,
Steve
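
Added example, not part of the original message: a consistency check for the problem described above, where uidNumber/gidNumber stored in the directory differ from the xid values in idmap and file ownership follows idmap. The two LDIF samples, the SIDs and the idmap entry layout (cn holding the SID, xidNumber holding the Unix id) are constructed assumptions.

```python
# Constructed LDIF samples; SIDs, DNs and the idmap layout are assumptions.
DIRECTORY_LDIF = """\
dn: CN=Domain Users,CN=Users,DC=example,DC=com
objectSid: S-1-5-21-1111-2222-3333-513
gidNumber: 20513

dn: CN=steve,CN=Users,DC=example,DC=com
objectSid: S-1-5-21-1111-2222-3333-1105
uidNumber: 3000021
primaryGroupID: 513
"""

IDMAP_LDIF = """\
dn: CN=S-1-5-21-1111-2222-3333-513
cn: S-1-5-21-1111-2222-3333-513
xidNumber: 3000004

dn: CN=S-1-5-21-1111-2222-3333-1105
cn: S-1-5-21-1111-2222-3333-1105
xidNumber: 3000021
"""

def parse_ldif(text):
    """Return one {attribute: value} dict per blank-line-separated entry.
    Folded lines and base64 ("::") values are not handled in this sketch."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            entry[key] = value.strip()
        if entry:
            entries.append(entry)
    return entries

def find_mismatches(directory_ldif, idmap_ldif):
    """List (sid, attribute, directory_id, idmap_xid) where the sources disagree.
    idmap_xid is None when idmap has no entry for that SID."""
    xid_by_sid = {e["cn"]: int(e["xidNumber"])
                  for e in parse_ldif(idmap_ldif) if "cn" in e and "xidNumber" in e}
    mismatches = []
    for entry in parse_ldif(directory_ldif):
        sid = entry.get("objectSid")
        for attr in ("uidNumber", "gidNumber"):
            if attr in entry and xid_by_sid.get(sid) != int(entry[attr]):
                mismatches.append((sid, attr, int(entry[attr]), xid_by_sid.get(sid)))
    return mismatches
```

In the constructed data, Domain Users carries gidNumber 20513 in the directory while idmap still maps its SID to 3000004, so that entry is the one reported.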