Samba 4 and winbind

Alexander Bokovoy ab at samba.org
Mon Apr 15 12:39:20 MDT 2013


On Mon, Apr 15, 2013 at 9:11 PM, Rowland Penny <repenny at f2s.com> wrote:

>  On 15/04/13 18:55, Alexander Bokovoy wrote:
>
> On Mon, Apr 15, 2013 at 8:47 PM, Rowland Penny <repenny at f2s.com> wrote:
>
>>  On 15/04/13 18:23, Alexander Bokovoy wrote:
>>
>> On Mon, Apr 15, 2013 at 7:12 PM, Rowland Penny <repenny at f2s.com> wrote:
>>
>>>  On 15/04/13 16:47, Jeremy Allison wrote:
>>>
>>>> On Mon, Apr 15, 2013 at 04:42:50PM +0100, Rowland Penny wrote:
>>>>
>>>>> Again, this I understand, but if Winbind was a stand alone daemon,
>>>>> like it is with S3, then you could choose to use it or not. I
>>>>> actually think that if there was a choice then most people would
>>>>> choose not to use winbind due to its complexity  and inconsistency.
>>>>>
>>>> Oh, bitching on winbindd again. Very popular on this list it
>>>> seems :-).
>>>>
>>>> If you have specific problems, please log bugs. Don't just
>>>> try and make some specific code into the bogeyman, we've
>>>> had enough of proprietary vendors doing that against the
>>>> whole of Samba thanks very much, we don't need our own users
>>>> to join in.
>>>>
>>>> Jeremy.
>>>>
>>>>
>>> OK, do you really want me to log a bug that basically says that
>>> because S3 & S4 winbinds are different and the fact that you cannot get the
>>> same uidNumber on the server as on the clients that winbind is broken!!
>>>
>> Yes, I do want you to log this bug. There is no reason why winbind
>> implementation in Samba AD DC should use unpredictable and dependent on the
>> order of allocations high watermark algorithm.
>>
>>
>>  Could you please write this again in English, specifically the last
>> part.
>>
> Please file a bug about ID mapping in Samba AD DC winbind being different
> from ID mapping in previous Samba versions.
>
>
> OK, I will file a bug, but could you please advise me what 'the order of
> allocations high watermark algorithm' means in English, I do understand it
> at all.
>

If RFC2307 support is enabled, Samba AD DC will first look at the uidNumber
attribute and return that. This gives you an "easy" way to get the same
uidNumber values as in the previous install -- when migrating users, remember
all UID/GIDs and assign them manually using ldb tools, for example.

However, if no uidNumber attribute is available in the entry, in order to
allocate a UID/GID for a SID, Samba AD DC winbind uses an algorithm that
remembers the last highest allocated UID/GID and increments it each time
a new request for allocating a UID or GID comes. This value is global; its
increase is independent of the order in which requests come.

It has some configurable starting value A, and if an ID is asked for two SIDs,
SID S-X-Y-Z-1024 first and S-X-Y-Z-512 afterwards, the watermark would
be A+2. If the requests came in a different order, say, S-X-Y-Z-512 and
then S-X-Y-Z-1024, the watermark would still be A+2, but the IDs allocated for
those two SIDs would be different from the first case.

-- 
/ Alexander Bokovoy
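
The allocation behaviour described in the message above, modelled as an added example that is not part of the original e-mail and is not Samba's code. The class and function names, the start value and the uidNumber values are constructed for illustration; the SIDs are the placeholders used in the message.

```python
# Illustrative model only; not Samba's winbind/idmap implementation.
class WatermarkIdmap:
    """Toy SID -> Unix ID mapper: uidNumber first, else high-watermark allocation."""

    def __init__(self, start, rfc2307=None):
        self.watermark = start          # next ID to hand out ("A" in the message)
        self.rfc2307 = rfc2307 or {}    # SID -> uidNumber stored in the directory entry
        self.allocated = {}             # SID -> ID handed out earlier by this mapper

    def sid_to_id(self, sid):
        if sid in self.rfc2307:         # an explicit uidNumber always wins
            return self.rfc2307[sid]
        if sid not in self.allocated:   # first request for this SID: allocate
            self.allocated[sid] = self.watermark
            self.watermark += 1
        return self.allocated[sid]


def resolve(order, start=3000000, rfc2307=None):
    """Resolve SIDs in the given request order; return (mapping, final watermark)."""
    mapper = WatermarkIdmap(start, rfc2307)
    mapping = {sid: mapper.sid_to_id(sid) for sid in order}
    return mapping, mapper.watermark


def divergent_sids(map_a, map_b):
    """SIDs whose Unix ID differs between two hosts' mappings."""
    return sorted(s for s in map_a.keys() & map_b.keys() if map_a[s] != map_b[s])


A = 3000000                                          # constructed start value
SID_1024, SID_512 = "S-X-Y-Z-1024", "S-X-Y-Z-512"    # placeholder SIDs from the message

# Two hosts see the same SIDs but in a different request order.
host1, wm1 = resolve([SID_1024, SID_512], A)
host2, wm2 = resolve([SID_512, SID_1024], A)
print("watermarks equal A+2:", wm1 == wm2 == A + 2)
print("SIDs with different IDs:", divergent_sids(host1, host2))

# With uidNumber set on both entries, the request order no longer matters.
pinned = {SID_1024: 10001, SID_512: 10002}           # constructed uidNumber values
p1, _ = resolve([SID_1024, SID_512], A, pinned)
p2, _ = resolve([SID_512, SID_1024], A, pinned)
print("SIDs with different IDs when pinned:", divergent_sids(p1, p2))
```

Running `divergent_sids` over the mappings of a server and its clients is a quick consistency check before relying on numeric file ownership across hosts.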
