[Samba] Security = ADS and uidnumbers

Rowland Penny rpenny at f2s.com
Wed Jun 5 11:32:29 MDT 2013


Well said Steve

>From what I have read on the two samba mailing lists, Samba 4 is supposed
to be a clone of windows AD, well windows AD does not have winbind, so I
suppose this begs the question, why when running as a DC controller does
Samba4?



On 5 June 2013 17:56, steve <steve at steve-ss.com> wrote:

> On Wed, 2013-06-05 at 16:22 +0100, Jonathan Buzzard wrote:
> > On Wed, 2013-06-05 at 15:42 +0100, Rowland Penny wrote:
> > >
> > > I never said that I couldn't get it to work, I just said that it is
> > > just too complicated. Yes I can read and there was no need to get
> > > personal
> > >
> >
> > You said you gave up because it was too complicated. Also if you are
> > setting up a Samba file server and need UID/GID to SID mappings the only
> > supported option is Winbind if sssd works at all.
>
> Hi
> Why don't we simply store the uid in the directory along with everything
> else concerming the user? Why store that information somewhere else?
>
> All the OP wants is consistent uidNumbers. The only way I know how to do
> that is to store the uidNumber in the DN of the object. All DC's pull
> the same attribute at all times. Forget idmap ranges. You can use
> winbind to do that and prolly pull stuff from AD too. However, those of
> us who have tried alternatives for pulling rfc2307 from AD find the
> alternatives easier to install and configure. Anyone who has tried sssd
> is unlikely to return to winbind. It also has the advantage that it
> works fully on a S4 DC, not just for uid and gid but for the whole of
> rfc2307. For good measure, it throws in dynamic dns updates for fwd and
> reverse zones. For free.
>
> sssd does what it says on the tin. With winbind, there are too many
> different tins;)
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list