[Samba] Re: samaba winwind
ma at sernet.de
Fri Sep 12 09:19:29 GMT 2008
Andreas Ladanyi wrote:
> vishesh schrieb:
> >dear all
> >i am running samba 3.0.28 on two server and using winbind to get active
> >directory users and group. the problem i facing is attach the uid
> >assigned for same user is diffrent on samba servers.
> The uid saved in the Active Directory is different from the winbind
> Linux side ?
No, the problem is that the uids on the two samba servers are
different for the same user. This is because you are using
(the default of) "idmap backend = tdb". This assigns increasing
uids (per server) to users in the the order the access the server.
If you need the same user ids, you have (at least) the following
1. Use "idmap backend = rid". Then a user gets the the
uid built as LOW_RANGE_UID + RID.
Here LOW_RANGE_UID is the lower bound of the range
"idmap uid = LOW_RANGE_UID - HIGH_RANGE_UID"
and RID is the "relative identifyer": the user SID
is built as follows: DOMAIN_SID-RID. i.e. the rid
is the last block of digits of the user's sid, hence
is unique inside one domain, and users will get the
same uid on all samba servers using "idmap backend = rid".
See the man paget idmap_rid(8).
2. Use "idmap backend = ad":
When you install the SFU (Services For Unix) schema
extensions, then you can set unix attributes for users
and groups in actice directory. and the same uid is
obtained for users on all samba servers using this backend.
Hope this helps,
Michael Adam <ma at sernet.de> <obnox at samba.org>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 206 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20080912/fc31b3fa/attachment.bin
More information about the samba