Recent changes to autorid (was Re: [SCM] Samba Shared Repository - branch master updated)

Rowland Penny repenny241155 at gmail.com
Tue Apr 29 03:14:31 MDT 2014


On 29/04/14 10:08, Michael Adam wrote:
> Hi Rowland,
>
> while your input is highly appreciated,
> I think it does not quite fit here, since
> the ID-Mapping we are talking about in this
> thread is the source3-winbindd's id mapping,
> which is not (yet!) the id mapping that is
> done on the DC.
>
> Cheers - Michael
>
> On 2014-04-29 at 09:57 +0100, Rowland Penny wrote:
>> On 28/04/14 17:42, Jeremy Allison wrote:
>>> On Mon, Apr 28, 2014 at 06:10:51PM +0200, Michael Adam wrote:
>>>> autorid currently only has ranges of a fixed size
>>>> ("idmap config * : rangesize = ...").
>>>> And, by "people", do you mean the developers?
>>>> We don't have a configuration means to create a range
>>>> for the wellknown sids, currently.
>>> As these SIDs are wellknown, and aren't going to
>>> change (only expand as Microsoft adds more), can't
>>> we just cut out a fixed area of say 500 id's and
>>> have hardcoded mappings for these ?
>>>
>>> If that range has already been used in someone's
>>> config, we refuse to start, and provide a mechanism
>>> for them to remap.
>>>
>>> A bit dramatic, but very simple.
>>>
>>> Jeremy
>> Hi, can I add my 2p's worth here, there is a thread on the samba
>> list at the moment about builtins not mapping on the DC. The
>> problem seems to be that when you rsync sysvol to another DC, you
>> get the xidNumbers from the original DC on the client DC and these
>> xidNumbers are different from the ones that the client DC uses.
>>
>> Because of this, GPOs do not work correctly, or not at all, so, I
>> think that (IMHO) something needs to be done about this.
>>
>> Rowland
Hi Michael, Jeremy was proposing that the well-known SIDs should be
hard-coded, I was just pointing out a reason why they should be.
What is the point in having another DC, if, when you rsync sysvol to it
(the only way at the moment), you cannot use it because the ACLs are
wrong ??

Rowland



