[Samba] Winbind troubles
Jonathan Buzzard
jonathan at buzzard.me.uk
Tue Jul 23 16:21:13 MDT 2013
On 23/07/13 17:10, Rowland Penny wrote:
[SNIP]
>
> But if the group identified by primaryGroupID 513 has gidNumber 20513
> (which would be in my opinion best practice) without looking in the
> source code of sssd you don't know whether sssd took the gidNumber of
> the user or took the primaryGroupID, and then looked up gidNumber of
> that group. As your example has not shown what the gidNumber of the
> group identified by primaryGroupID 513 it has not demonstrated what you
> claim it has demonstrated.
>
>
> Does it matter, as long as the right answer is returned?
>
Only in that you gave an example that claimed to show that sssd used the
gidNumber from the users entry. The point I was making is that it did
not actually show that. What it showed was sssd returning a GID that
matched the gidNumber from the users entry which while close is not what
you claimed.
> But for your information, sssd pulls ALL the information from the users
> RFC2307 information, in fact it pulls more information than winbind.
>
Well then that sucks and I prefer the winbind method, because as far as
I am aware changing the Windows primary group (at least under 2003R2 and
2008R2, not tested 2012 or Samba4) of a user has no effect on the users
gidNumber. As such it is inevitable that mistakes will be made, things
will get out of sync and stuff will break in odd not apparent ways.
Reasons why winbind is better than sssd if you ask me :-)
JAB.
--
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.
More information about the samba
mailing list