[Samba] idmap backend problems
John H Terpstra
jht at samba.org
Fri Mar 4 18:44:22 GMT 2005
On Friday 04 March 2005 11:30, Samba wrote:
> I disagree. According to the Release Notes the idmap_rid does NOT
> require an LDAP server. The way I understand it, it uses the last part
> of your SID to derive what your UID will be, thus you will have
> consistency across your Sambas.
Correct. The idmap_rid facility uses the RID as the UID.
> I compiled my samba the same way and it is working however I am
> encountering problems with the winbind daemon while in this mode. I
> have submitted another topic on this problem.
Please check the documentation in the chapter I added to the
Samba-HOWTO-Collection that is available on the Samba web site. If you have a
large number of users or groups it is necessary to disable winbind user and
group enumeration - otherwise performance issues will eat Samba's heart
NOTE the above point please. In a site with a single domain and around 20,000
users, user and group enumeration would kill the ability to use idmap_rid.
With these turned off everything seems to work OK.
> Did you set up your /etc/nsswitch.conf file?
From the posting I am guessing the original poster had done that.
- John T.
> -----Original Message-----
> From: samba-bounces+samba=guidemail.com at lists.samba.org
> [mailto:samba-bounces+samba=guidemail.com at lists.samba.org] On Behalf Of
> Paul Gienger
> Posted At: Friday, March 04, 2005 8:39 AM
> Posted To: Samba
> Conversation: [Samba] idmap backend problems
> Subject: Re: [Samba] idmap backend problems
> >After reading the docs, I get the impression that I should use an idmap
> >backend to have consistent uid's. Am I correct?
> Not so much, you're on the right path tho. The idmap is primarily to
> give a mapping between unix uids and windows SIDs when the users come
> from an AD system or something of that nature. Basically if you don't
> have real unix users you use winbind and idmap to get it done... if I
> understand correctly. I don't use either.
> >I don't have an LDAP server, and I'd prefer not to add another service
> >to the chain, so I recompiled samba with
> That's essentially what you need to do unfortunately. You need to store
> the mapping someplace globally accessible for both machines to read it.
> I see the light bulb going off in your head WRT storing the idmap file
> on an nfs mount or some other shared filesystem, don't do it, it won't
> Paul Gienger Office: 701-281-1884
> Applied Engineering Inc.
> Systems Architect Fax: 701-281-1322
> URL: www.ae-solutions.com mailto: pgienger at ae-solutions.com
John H Terpstra
Phone: +1 (650) 580-8668
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.