[Samba] Winbind troubles

Rowland Penny rowlandpenny at googlemail.com
Tue Jul 23 04:55:03 MDT 2013 

On 23 July 2013 11:40, Jonathan Buzzard <jonathan at buzzard.me.uk> wrote:

> On Tue, 2013-07-23 at 11:06 +0100, Rowland Penny wrote:
>
> [SNIP]
>
> >
> > OK, I see where you are coming from, but until testparm starts saying
> > 'this will not work because' people will keep on having problems with
> > winbind, also why do you need to set up the ranges anyway.
>
> testparm does not guarantee a working configuration, it guarantee's that
> you don't have any invalid configuration lines from a syntactic point of
> view.
>
> I thought that testparm did exactly that, it tested all the parameters in
smb.conf, so if the ranges overlap, it should report the error.


> I fully appreciate that it can seem confusing. I know three years ago
> when I first set it up I ended up reading large chunks of this mailing
> lists archive to find a single posts that told me what I was doing
> wrong. At the time the idmap_ad manual page did not hold the necessary
> information.
>
> Darned right it is confusing.


> However today in mid 2013, the manual page is accurate and there are a
> *lot* more posts in the mailing list on how to set it up.
>
> Yet people still get it wrong.


> >  The user and group ranges are already set by the admin in uidNumber &
> > gidNumber, so again why do they need setting in smb.conf, IMHO the
> > setting should be 'idmap config:backend = ad' and that should make
> > winbind pull all the rfc2307 items for a user or group
>
> The issues is that winbind needs somewhere to allocate UID's and GID's
> for the BUILTIN backend. As such it does not know in advance what a
> suitable block for this is. Only you the administrator can say this
> range here is not allocated in the AD.
>
> Why are the BUILTIN uid's & gid's not set in stone? and noted somewhere
and users told 'do not use this range'


> Also winbind can handle multiple domains so it needs to know which
> domain to use to lookup a given UID or GID in.
>
>
> sssd can do this very easily, so your point is?

Rowland


> JAB.
>
> --
> Jonathan A. Buzzard                 Email: jonathan (at) buzzard.me.uk
> Fife, United Kingdom.
>
>

More information about the samba mailing list