s4 managing posixAccount and posixGroup with samba-tool?
Rowland Penny
repenny at f2s.com
Tue Nov 27 03:32:54 MST 2012
On 26/11/12 22:08, David Mansfield wrote:
>
>
> On 11/26/2012 04:59 PM, Rowland Penny wrote:
>> On 26/11/12 21:01, Bernd Markgraf wrote:
>>>> How about exporting all the users somehow, then writing a script to
>>>> create them as new users in a S4 domain?
>>>> OK, they all get new UID's through RID but this shouldn't be a problem
>>>> really and once completed all your user details will be in one place,
>>>> your S4 AD.
>>> That ignores the fact that there may be one or more other services
>>> involved that rely on already existing UID numbers. NFS being a nice
>>> example.
>>> Recreating the users may seem like a nice idea in order to have all
>>> user
>>> info in one place. Chown'ing millions of files (I would currently have
>>> about 40 million files on 3 nfs servers with about 1000 different uids,
>>> ~250 currently being active) to get the mapping to new UIDS right is
>>> just not that much fun. I think it was/is a better idea to manually
>>> assign posix UID/GID numbers to new users in such cases.
>>>
>>> just my .02¢
>>> Bernd
>>>
>>>
>>>
>>>
>> Ok, for your installation it wouldn't be feasible, but the OP states
>> that he only has approx 100 unix users, with only about 25 of them
>> connected to a samba DC. It may be possible to add the other 75 users to
>> the DC and then perform a classicupgrade to S4, but then it may be
>> quicker to start anew. I think that the OP needs to tell us just what he
>> needs the finished setup to be and if Windows is involved in any way.
> I want to authenticate all users, unix and windows to a replicated s4
> environment. Unix users should keep existing UID/GID. Windows users
> should keep existing SID. User-private groups are also in play here,
> which will be my next headache assuming this migraine can be tamed.
>
> Currently unix users are authenticating largely using local passwords
> which get set on as needed basis (most machines use ssh-key
> authentication so no password is necessary), however the haystack of
> passwords is growing and s4 looks like a slick way to eliminate that.
>
> Thanks,
> David
>
>
>
Hi, as I see it you have a Samba3 DC with approx 25 unix users and
another 75 approx unix users, you also have an unquantified number of
windows users. Is the S3 DC running as a PDC i.e. are any of the other
machines joined to it in a domain, or is it a workgroup and the DC is
just a fileserver?
As for the SID, I do not think that you will be able to keep it (someone
will jump in here and explain if I am wrong, if so TIA) because the SID
is different for every workgroup & domain.
Is there a Windows Server on the network?
Rowland
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the samba-technical
mailing list