[Samba] Winbind troubles
rowlandpenny at googlemail.com
Tue Jul 23 08:12:17 MDT 2013
On 23 July 2013 14:53, Jonathan Buzzard <jonathan at buzzard.me.uk> wrote:
> Orthogonal is a single word, is precise and describes what is required
> exactly. It has been in my vocabulary for approaching 30 years. None
> overlapping range is three words and more characters as well. I was not
> aware that Newspeak was now a requirement for posting on this list.
OK, so it is in your vocabulary, but it it is not in mine, nor I believe
the vast number
of the English speaking world. You think that you know what it means, but
look here: http://www.merriam-webster.com/dictionary/orthogonal
Your definition is not mentioned.
> > From what I can see the BUILTIN uids come from windows (and are called
> > SID's) and there they are set in stone.
> The SID's are set in stone, they have no UID's set in stone. Winbind to
> work allocates a UID to them in it's allocatable (usually local)
> database. There must be no conflicts between these allocated UID's and
> the UID's in the domain, hence the requirement that the ranges given to
> winbind be orthogonal.
Well perhaps they should be now, the problem that I see is that RHEL etc
uses 0-500 for local users and Debian uses 0-999, so perhaps reserve 1100 -
1200 for the BUILTIN users
> > from the sssd-1.9.0 announcement
> > - Add a new PAC responder for dealing with cross-realm Kerberos
> > trusts
> Well that's relatively new (aka less than a year old). I guess not that
> many enterprise distributions will carry it (though RHEL 6.4 does).
ER, isn't RHEL THE enterprise distro?
> What gets me is people claiming that half a dozen lines of configuration
> in smb.conf is more complicated than 30+ lines of configuration in an
> entirely separate configuration file in addition to several lines in
> smb.conf. It might be more performant, it might have fewer bugs etc. but
> it is absolutely not simpler to configure.
For me it is a lot easier to configure, I don't have to worry about
orthogonal numbers for instance (drat, now you have got me at it ) ;-0
More information about the samba