[Samba] Samba 4 Consistent uid gid mapping across servers.

[Wayne L. Andersen]

I have 3 Samba 4 Domain Controllers and 1 Member server, been running in 
production for almost a year and very pleased with the results so far.

I have winbind installed and working on all of my servers and I am also 
quite happy with that as well, except that the inconsistent uid and gid 
mapping is starting to cause some problems for me.

I have done a fair bit of research and I think I would like to try 
implementing rfc2307 and using using nss_pam_ldap.

I am pretty comfortable with setting that up.

My question is, that since I did not specify rfc2307 when I originally 
provisioned the domain what is going to be the effect if I try to use it 
after the fact.

First does the schema need to be extended, or is it already present and 
just needs to be activated by adding the rfc2307 options to my existing 
smb.conf, and then restart.
     If not what is the best way to extend it, can I do it from my 
windows server 2003 by adding the "Identity Management for UNIX" role?
     Or are then other tools to accomplish this. I am using the internal 
DNS for Samba.

Second assuming I can get it extended and working, I am assuming that I 
will have to manually update existing unix objects that are already 
owned by the old random uid and gid to the new values.
     Creating a script for this should not be that big of a problem 
since the majority of my users are not actually logging into the Linux 
machines.
     So for the most part it will just be folders and files.
     I already have a script for setting and re-setting permissions 
based on the info retrieved from winbind.

What do you think?

-- 
Wayne Andersen