[Samba] [Samba 4] Issues with uidNumber and gidNumber in AD for Linux clients

Andrew Bartlett abartlet at samba.org
Fri Jan 25 17:53:39 MST 2013

On Thu, 2013-01-24 at 14:32 +0100, Fred F wrote:
> Thanks for your statement, Andrew. I know about winbind and we've used
> it in the past, but I remember there were some issues when dealing
> with POSIX ACLs and winbind.
> Now while winbind might work in some environments, I think it would be
> much nicer and cleaner to integrate Linux clients into a Samba AD
> domain with "native" Linux tools. The PAM part is very easy and works
> great already with Samba 4 and Linux clients using Kerberos. The only
> somewhat troublesome part is the NSS information
> (passwd/groups/shadow), which would also not really be an issue if
> Samba 4 properly implemented separation between users and groups in
> POSIX ACLs (#9521).

This bug is closed as invalid for very good reason.  There is no
separation between users and groups in Windows ACLs, once you have to
handle groups owning files and SID History (users essentially becoming
groups), and we have no choice but to match.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
