[Samba] Security = ADS and uidnumbers

steve steve at steve-ss.com
Wed Jun 5 10:56:44 MDT 2013

On Wed, 2013-06-05 at 16:22 +0100, Jonathan Buzzard wrote:
> On Wed, 2013-06-05 at 15:42 +0100, Rowland Penny wrote:
> >
> > I never said that I couldn't get it to work, I just said that it is
> > just too complicated. Yes I can read and there was no need to get
> > personal
> > 
> You said you gave up because it was too complicated. Also if you are
> setting up a Samba file server and need UID/GID to SID mappings the only
> supported option is Winbind if sssd works at all.

Why don't we simply store the uid in the directory along with everything
else concerming the user? Why store that information somewhere else?

All the OP wants is consistent uidNumbers. The only way I know how to do
that is to store the uidNumber in the DN of the object. All DC's pull
the same attribute at all times. Forget idmap ranges. You can use
winbind to do that and prolly pull stuff from AD too. However, those of
us who have tried alternatives for pulling rfc2307 from AD find the
alternatives easier to install and configure. Anyone who has tried sssd
is unlikely to return to winbind. It also has the advantage that it
works fully on a S4 DC, not just for uid and gid but for the whole of
rfc2307. For good measure, it throws in dynamic dns updates for fwd and
reverse zones. For free.

sssd does what it says on the tin. With winbind, there are too many
different tins;) 

More information about the samba mailing list