[Samba] Winbind group mapping problem

Linux Addict linuxaddict7 at gmail.com
Tue Feb 10 20:36:24 GMT 2009


On Tue, Feb 10, 2009 at 1:27 PM, Dale Schroeder <
dale at briannassaladdressing.com> wrote:

> Unfortunately, simply switching to idmap_rid at this point will not rectify
> your immediate problem.  Winbind will apply uid's and gid's via a specific
> algorithm, which will once again be different from your current mappings.
> However, if you wish to ensure consistent mappings for the future (new
> server or multiple servers), then you would switch to idmap_rid and manually
> set the ownerships this one time.
> Having multiple servers, it was worth the time and effort for me to do so;
> but of course, this may not be a pressing need for you.
>
> HTH,
> Dale
>
>
> Ben Tisdall wrote:
>
>> Dale Schroeder wrote:
>>
>>
>>> Which winbind idmap backend are you using?
>>> The default tdb backend generates id's randomly (which appears to be
>>> your case), meaning you will have to do a lot of chown commands on box B.
>>> For consistent mappings, use something like idmap_rid.
>>>
>>>
>>> http://us6.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2598850
>>>
>>>
>>
>> Thanks very much Dale, I was using the tdb backend.
>>
>> I read the docs but I'm not clear on whether the configuration can
>> simply be  retrofitted to both servers or whether changes to the data
>> itself will be needed.
>>
>> I did make a quick test but aside from ownerships showing as 'user'
>> rather than 'DOMAIN\user' nothing changed in respect of missing UIDs/GIDs.
>>
>> BTW the ultimate aim of was is to validate a server that will actually
>> replace a single ADS domain member. This being the case I suppose I
>> could back up the relevant tdb files, do a leave on the existing server,
>> join the new one and copy the tdbs into place? Still, if I can use
>> idmap_rid without undue hassle it's clearly a better solution.
>>
>> Best,
>>
>> Ben.
>>
>>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


Once for all, go ahead with rid and keep the smb.conf consistent across OR
use rfc2307.  RID is easier to manage.


More information about the samba mailing list