[Samba] Samba4 Winbind - is it really not possible to be sensible?

Andrew Bartlett abartlet at samba.org
Mon Jan 28 07:09:53 MST 2013

On Sat, 2013-01-26 at 12:46 +0000, Rob McCorkell wrote:
> > If you provision/run with idmap_ldb:use rfc2307 then you can assign each
> > user/group a uidNumber/gidNumber which then is/can be obeyed by samba/nslcd.
> Sorry, I should have made myself more clear. Our current setup uses
> the nslcd approach to get the UIDs and GIDs as mapped from the RID of
> each object. We then feed that back into the LDAP database (as
> uidNumber and gidNumber attributes) along with setting idmap_ldb:use
> rfc2307 so that Samba4 gets the same UIDs and GIDs as from mapping the
> RID. But this is very much a fudge, and it does not make sense that
> Winbind shouldn't support this form of RID mapping, even though
> previous versions did support it.

We continue to support this, just not when we are an AD DC. 

If this bothers you, then do not use your AD DC as a file server, except
for the required group policy files.  This is one of the many reasons we
recommend against combining these roles on sites with complex

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
