[Samba] Samba4 Winbind - is it really not possible to be sensible?
Andrew Bartlett
abartlet at samba.org
Mon Jan 28 07:09:53 MST 2013
On Sat, 2013-01-26 at 12:46 +0000, Rob McCorkell wrote:
> > If you provision/run with idmap_ldb:use rfc2307 then you can assign each
> > user/group a uidNumber/gidNumber which then is/can be obeyed by samba/nslcd.
>
> Sorry, I should have made myself more clear. Our current setup uses
> the nslcd approach to get the UIDs and GIDs as mapped from the RID of
> each object. We then feed that back into the LDAP database (as
> uidNumber and gidNumber attributes) along with setting idmap_ldb:use
> rfc2307 so that Samba4 gets the same UIDs and GIDs as from mapping the
> RID. But this is very much a fudge, and it does not make sense that
> Winbind shouldn't support this form of RID mapping, even though
> previous versions did support it.
We continue to support this, just not when we are an AD DC.
If this bothers you, then do not use your AD DC as a file server, except
for the required group policy files. This is one of the many reasons we
recommend against combining these roles on sites with complex
requirements.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba
mailing list