[Samba] New ADS infrastructure with winbind - Which is the best
ID-mapping: IDMAP_RID or IDMAP LDAP with ADS + SFU schema ?
Doug VanLeuven
roamdad at sonic.net
Fri May 13 02:46:15 GMT 2005
Steffen Kolbe wrote:
> A question for the best winbind SID-UID/GID mapping in our situation:
>
> I'm building a new infrastructure with Windows 2003SP1 ADS
> Domaincontrollers and some Debian Servers (File: Samba+NFS; Mail; Web;
> ....) and varios XP and Debian Clients.
>
> After reading Chapter 12. (Identity Mapping) in the Samba-HOWTO is
> IDMAP_RID in couple with winbind an easy way to solve the problem with
> syncr. SID-UID/GID's on all Linux machines.
> Why should I use the "hard way" with the MS SFU 3.5 Schema extensions,
> PADL and so on - when IDMAP_RID seems to be so easy?
>
> Can anybody tell me something about the "deeper backgrounds" and which
> of both ist the best solution for us?
If you have an existing base of unix uid/gid accounts to maintain,
consider the mapping capabilities of SFU 3.5 and padl idmap_ad.
If there is no existing base of unix uid/gid accounts, consider IDMAP_RID.
Regards, Doug
More information about the samba
mailing list