[Samba] Re: samaba winwind

[Michael Adam]

Hi,

Andreas Ladanyi wrote:
> vishesh schrieb:
> >dear all
> >i am running samba 3.0.28 on two server and using winbind to get active 
> >directory users and group. the problem i facing is attach the uid 
> >assigned for same user is diffrent on samba servers.
> 
> The uid saved in the Active Directory is different from the winbind 
> Linux side ?

No, the problem is that the uids on the two samba servers are
different for the same user. This is because you are using
(the default of) "idmap backend = tdb". This assigns increasing
uids (per server) to users in the the order the access the server.

If you need the same user ids, you have (at least) the following
two options:

1. Use "idmap backend = rid". Then a user gets the the
   uid built as LOW_RANGE_UID + RID.
   Here LOW_RANGE_UID is the lower bound of the range
   "idmap uid = LOW_RANGE_UID - HIGH_RANGE_UID"
   and RID is the "relative identifyer": the user SID
   is built as follows: DOMAIN_SID-RID. i.e. the rid
   is the last block of digits of the user's sid, hence
   is unique inside one domain, and users will get the
   same uid on all samba servers using "idmap backend = rid".
   See the man paget idmap_rid(8).

2. Use "idmap backend = ad":
   When you install the SFU (Services For Unix) schema
   extensions, then you can set unix attributes for users
   and groups in actice directory. and the same uid is
   obtained for users on all samba servers using this backend.
  
Hope this helps,

Michael

-- 
Michael Adam <ma at sernet.de>  <obnox at samba.org>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 206 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20080912/fc31b3fa/attachment.bin