[Samba] id mapping
Greg Dickie
greg at justaguy.ca
Tue Aug 24 09:10:16 MDT 2010
Hi Robert,
Thanks for the response. You are referring to
idmap backend = rid
correct?
Greg
On Tue, 2010-08-24 at 09:10 -0400, Robert Freeman-Day wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I have been the most happy with the hash idmap. It really is the least
> invasive and "just works" (does that need to be trademarked these
> days?). Since it hashes the SID with the same algorithm, all members
> get the same UID/GID mappings, which is a big win.
>
> Robert
>
> On 08/23/2010 05:21 PM, Greg Dickie wrote:
> > Hi,
> >
> > Today I'm trying to debug a problem on samba 3.5.4 where a domain
> > member server is having trouble mapping UIDs to SIDs. I must admit I
> > never really looked at this before as everything seemed to "just work".
> > Today I discovered that idmap backend on the PDC and the member server
> > were both defaulted to tdb. This means they have independent views of
> > UID to SID mappings I guess. That sucks. So I'm looking at the ldap
> > backend but I notice that it uses a special ou in the LDAP tree to store
> > mappings. Why do we need that if the sambaSamAccount schema also has
> > SIDs and UIDs for each user. Also, how is that tree populated?
> >
> > Looking at my PDC it seems to just pull everything out of gencache.tdb
> > or say that no mapping exists. Doing a tdbdump of winbind_idmap.tdb
> > shows only a few entries. This seems to be more complicated than I
> > expected. I'm sorry if this is a silly question but what am I doing
> > wrong?
> >
> > Thanks a lot,
> > Greg
> >
> >
>
>
> - --
> ________
>
> Robert Freeman-Day
>
> https://launchpad.net/~presgas
> GPG Public Key:
> http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkxzxMMACgkQup357T5MfTY0VACfSGOY2vXg05lUplINAeqxr42s
> iR0AnA3P/DdGApB0+WIJZTzNN99qiv/z
> =ddTf
> -----END PGP SIGNATURE-----
--
Greg Dickie
just a guy
More information about the samba
mailing list