[Samba] UID/GID mapping consistency across at least two Linux machines
gaiseric.vandal at gmail.com
Tue Apr 10 10:45:38 MDT 2012
On 04/10/12 12:29, steve wrote:
> On 09/04/12 21:00, Gaiseric Vandal wrote:
>> On 04/09/12 13:11, bakytn wrote:
>>> I found this:
>>> How to implement "a" scenario?
>> Are you using winbind for idmapping? The files you want may be
>> /var/samba/locks (check "testparm -v" for the locks and cache
>> directories.) Look at the winbind*tdb and idmap*tdb files. tdbdump
>> will show you what is in them.
> I've never understood why we have to use winbind when using Linux
> clients. It seems a complicated way to go about uid/gid mapping.
> All we do is add posixAccount, uidNumber and gidNumber +any of other
> 2307 stuff you may need to the user record in LDAP. Maybe the problem
> before has been with the poor performance of nss-ldap. But with the
> new nss-ldapd nslcd, the user and group mapping is perfect and very
> fast. It's just as good as reading from a local file even on a busy lan.
Winbind mapping should not be necessary on domain controllers, except if
you have domain trusts. I have ldap backend so my LDAP users have both
unix and samba attributes. Samba member servers are a little
trickier, when settings permissions from a Windows client. The server
does need some sort of idmap to connect the samba account to the local
unix account. I had to use ldap backend for idmap to make sure the
idmapping was consistent on samba member server. In theory the
idmap_nss backend should do this, but I don't think it was available in
samba 3.0.x. I haven't had much luck with it in samba 3.4 or 3.5.
I found it easier just to make sure that my primary file servers were
More information about the samba