[Samba] Winbind mappings change over time
Richard Greaney
richard at net-solutions.net.nz
Wed Nov 1 02:10:08 GMT 2006
simo wrote:
> On Wed, 2006-11-01 at 08:52 +1300, Richard Greaney wrote:
>> Hi Simo
>> Thanks for your reply. I might have made things a little hazy in my
>> initial post. The 40-odd servers I mentioned are all on remote client
>> sites and each has it's own corresponding Windows server. Effectively, I
>> have the same problem on all sites at one time or another. My issue
>> isn't with the order of winbind mapping, but more with the fact that the
>> SID to UID mapping appears to change over time.
>
> This can happen only if you delete winbind_idmap.tdb
> Mappings cannot change otherwise. Make sure you backup that file so that
> you can restore it in case you need.
>
>> I will take a look for information about idmap_ldap as a backend to see
>> if it is going to work with my setup.
>
> idmap_ldap is useful if you need to share mappings, otherwise it is less
> ideal for reliability and performance reasons (you start needing ldap
> replicas and manage them).
>
> Simo.
>
What about idmap_rid (or just rid as it's called these days)? You
mentioned this in an earlier email but I read it as idmap_ldap.
Obviously it doesn't work on trusted domains, but apart from that would
this be the best option for use in <1000 user sites?
--
Richard Greaney
Senior Technician
NET Solutions
Massey University College of Education
Palmerston North
e-mail: richard at net-solutions.net.nz
Phone: 06 351 3323
More information about the samba
mailing list