[Samba] UID/GID mapping consistency across at least two Linux machines

Gaiseric Vandal gaiseric.vandal at gmail.com
Tue Apr 10 10:45:38 MDT 2012

On 04/10/12 12:29, steve wrote:
> On 09/04/12 21:00, Gaiseric Vandal wrote:
>> On 04/09/12 13:11, bakytn wrote:
>>> I found this:
>>> http://lists.samba.org/archive/samba/2004-January/078411.html
>>> How to implement "a" scenario?
>> Are you using winbind for idmapping?   The files you want may be
>> /var/samba/locks (check "testparm -v" for the locks and cache
>> directories.)  Look at the winbind*tdb and idmap*tdb files.  tdbdump
>> will show you what is in them.
> Hi
> I've never understood why we have to use winbind when using Linux
> clients. It seems a complicated way to go about uid/gid mapping.
> All we do is add posixAccount, uidNumber and gidNumber + any of the other
> 2307 stuff you may need to the user record in LDAP. Maybe the problem
> before has been with the poor performance of nss-ldap. But with the
> new nss-ldapd nslcd, the user and group mapping is perfect and very
> fast. It's just as good as reading from a local file even on a busy LAN.
> Cheers,
> Steve
Winbind mapping should not be necessary on domain controllers, except if
you have domain trusts. I have an LDAP backend, so my LDAP users have both
Unix and Samba attributes. Samba member servers are a little
trickier when setting permissions from a Windows client. The server
does need some sort of idmap to connect the Samba account to the local
Unix account. I had to use the LDAP backend for idmap to make sure the
idmapping was consistent on the Samba member server. In theory the
idmap_nss backend should do this, but I don't think it was available in
Samba 3.0.x. I haven't had much luck with it in Samba 3.4 or 3.5.
I found it easier just to make sure that my primary file servers were
also DCs.
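
Added example (not part of the original message or of Samba's own code): a check that compares the SID-to-UID/GID records from `tdbdump` of the idmap tdb on two member servers and reports where they disagree, since a mismatch means the same file ownership resolves to different users on each host. It assumes the `key(n) = "..."` / `data(n) = "..."` record layout of tdbdump output with `\00` string terminators; the function names and the sample SIDs are constructed for illustration.

```python
import re

# One tdbdump record: key(n) = "..." on one line, data(n) = "..." on the next.
RECORD = re.compile(r'key\(\d+\) = "(.*?)"\s*\ndata\(\d+\) = "(.*?)"')

def parse_idmap_dump(text):
    """Return {SID: 'UID n' or 'GID n'} from tdbdump output of an idmap tdb."""
    mapping = {}
    for key, data in RECORD.findall(text):
        key, data = key.replace("\\00", ""), data.replace("\\00", "")
        # Keep SID -> id records only; reverse records and counters are skipped.
        if key.startswith("S-1-") and re.fullmatch(r"[UG]ID \d+", data):
            mapping[key] = data
    return mapping

def compare(a, b):
    """Return (SIDs mapped to different ids, ids assigned to different SIDs)."""
    conflicts = {s: (a[s], b[s]) for s in a.keys() & b.keys() if a[s] != b[s]}
    rev_a = {v: k for k, v in a.items()}
    reused = {i: (rev_a[i], s) for s, i in b.items()
              if i in rev_a and rev_a[i] != s}
    return conflicts, reused

def _rec(key, data):
    """Build one constructed record in the assumed tdbdump layout."""
    return '{\nkey(%d) = "%s\\00"\ndata(%d) = "%s\\00"\n}\n' % (
        len(key) + 1, key, len(data) + 1, data)

DOM = "S-1-5-21-1-2-3"  # constructed domain SID, not from a real system
# Server A allocated ids in one order, server B in the other.
SERVER_A = (_rec(DOM + "-1105", "UID 10001") + _rec("UID 10001", DOM + "-1105")
            + _rec(DOM + "-1106", "UID 10002") + _rec(DOM + "-513", "GID 10000"))
SERVER_B = (_rec(DOM + "-1106", "UID 10001") + _rec(DOM + "-1105", "UID 10002")
            + _rec(DOM + "-513", "GID 10000"))

if __name__ == "__main__":
    conflicts, reused = compare(parse_idmap_dump(SERVER_A),
                                parse_idmap_dump(SERVER_B))
    for sid, (id_a, id_b) in sorted(conflicts.items()):
        print(f"{sid}: A={id_a} B={id_b}")
    for unix_id, (sid_a, sid_b) in sorted(reused.items()):
        print(f"{unix_id}: A={sid_a} B={sid_b}")
```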

