[Samba] winbind: uid range is ignored

NdK ndk.clanbo at gmail.com
Sat Aug 4 01:39:09 MDT 2012


On 03/08/2012 16:21, steve wrote:

> That's quite easy in Samba3 but which tdb's must I remove in Samba4? In
> fact, how would I rejoin the DC to itself?
You shouldn't use DCs for anything else other than DC. No file server.
No gateway. *Nothing*. They're a critical piece of your network
infrastructure and must be as closed as possible.

The NFS server doesn't care about Samba at all: it receives UIDs and
GIDs and stores 'em as given. No mapping happens here.

What makes me think you have a *big* misunderstanding about what winbind
mapping does is this sentence from another message:
> If winbind is doing the mapping correctly it should map 3000027 to
> 3000002
No. Winbind maps back and forth between user *names* (and groups) and
*UIDs* (and GIDs), not between server UIDs and local GIDs! It doesn't
know if a UID is local or from a server.

So, that means that (given no other kind of access to the NFS server is
allowed) it's enough that all your *clients* use the same mapping
between SIDs and UIDs/GIDs and you're OK. If not, you have a big problem.

You have many ways to obtain that "same mapping" objective. I chose to
use rid 'cause I couldn't modify my AD schema. But the preferred way is
to extend the AD schema and specify there the UIDs and GIDs.

Hope this helps to clarify.

BYtE,
 Diego.
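
Added example, not part of the original message: a check that every NFS client derives the same UID for a given SID under the rid backend, using the formula documented for idmap_rid (ID = RID - BASE_RID + LOW_RANGE_ID). The domain SID, RIDs, ranges and client names are constructed sample values, and the helper function names are hypothetical.

```python
# Added example: the idmap_rid formula (ID = RID - BASE_RID + LOW_RANGE_ID),
# used to compare the UID two NFS clients derive for the same SID.
# SIDs, ranges and client names below are constructed sample values.

def rid_of(sid):
    """Return (domain_sid, rid) for a SID string such as S-1-5-21-a-b-c-1105."""
    parts = sid.split("-")
    if len(parts) < 5 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError("not a domain SID: %r" % sid)
    return "-".join(parts[:-1]), int(parts[-1])

def rid_to_id(sid, domain_sid, low, high, base_rid=0):
    """Map a SID to a UID/GID with the rid formula, or None if unmappable."""
    dom, rid = rid_of(sid)
    if dom != domain_sid:
        return None            # SID belongs to another domain
    unix_id = rid - base_rid + low
    if rid < base_rid or unix_id > high:
        return None            # falls outside the configured range
    return unix_id

def find_mismatches(sids, domain_sid, clients):
    """Return {sid: {client: id}} for every SID the clients do not agree on."""
    bad = {}
    for sid in sids:
        ids = {name: rid_to_id(sid, domain_sid, lo, hi)
               for name, (lo, hi) in clients.items()}
        if len(set(ids.values())) > 1:
            bad[sid] = ids
    return bad

DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"   # constructed
SIDS = [DOMAIN_SID + "-1105", DOMAIN_SID + "-1106"]         # constructed
# Same range on both clients: the files on the NFS export have one owner.
CONSISTENT = {"client-a": (100000, 199999), "client-b": (100000, 199999)}
# Ranges differ: the same user gets two different UIDs on the export.
DRIFTED = {"client-a": (100000, 199999), "client-b": (3000000, 3999999)}

if __name__ == "__main__":
    print(find_mismatches(SIDS, DOMAIN_SID, CONSISTENT))
    for sid, ids in find_mismatches(SIDS, DOMAIN_SID, DRIFTED).items():
        print(sid, ids)
```

Because the NFS server stores the numeric IDs as given, any SID reported by `find_mismatches` is a user whose files would be owned by a different UID depending on which client wrote them.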

