[Samba] Samba 4 Consistent uid gid mapping across servers.
Wayne L. Andersen
waynea at clima-tech.com
Fri Oct 18 18:09:35 MDT 2013
I have 3 Samba 4 Domain Controllers and 1 Member server, been running in
production for almost a year and very pleased with the results so far.
I have winbind installed and working on all of my servers and I am also
quite happy with that as well, except that the inconsistent uid and gid
mapping is starting to cause some problems for me.
I have done a fair bit of research and I think I would like to try
implementing rfc2307 and using using nss_pam_ldap.
I am pretty comfortable with setting that up.
My question is, that since I did not specify rfc2307 when I originally
provisioned the domain what is going to be the effect if I try to use it
after the fact.
First does the schema need to be extended, or is it already present and
just needs to be activated by adding the rfc2307 options to my existing
smb.conf, and then restart.
If not what is the best way to extend it, can I do it from my
windows server 2003 by adding the "Identity Management for UNIX" role?
Or are then other tools to accomplish this. I am using the internal
DNS for Samba.
Second assuming I can get it extended and working, I am assuming that I
will have to manually update existing unix objects that are already
owned by the old random uid and gid to the new values.
Creating a script for this should not be that big of a problem
since the majority of my users are not actually logging into the Linux
machines.
So for the most part it will just be folders and files.
I already have a script for setting and re-setting permissions
based on the info retrieved from winbind.
What do you think?
--
Wayne Andersen
More information about the samba
mailing list