[Samba] Consistent UID/GID mappings?

[Jeremy Allison]

On Tue, Apr 08, 2014 at 08:48:53PM +0100, Rowland Penny wrote:

> Jeremy, I thought before I posted, and I was being sarcastic in the
> way I posted. I wouldn't have posted except for the fact that in
> this instance, sssd actually works in the way that the OP wants,
> whereas the builtin winbind doesn't.

Sure, and it's entirely appropriate to say so, I have no
issues with that ! Remember the builtin winbindd in s4
is different to the member winbindd daemon. One of the
things Andrew is trying to do is unify the two so the
more flexible and complete 'member' winbindd can be
used in the AD-DC case and we can deprecate the builtin
winbindd, in the same way smbd replaced the ntvfs
backend for file serving. Having said that we're not
there yet.

> I do not recommend sssd on the list any more except in this case,
> because the last time I did, YOU told me not to!

I don't remember what I said (getting old :-), but I
hope I didn't tell you not to mention sssd.

> I  have found out why I could never get the winbind ad backend to
> work for me, you have to jump through a series of hoops, users have
> to have a uidnumber & gidNumber, groups have to have a gidNumber and
> NONE of these must be below the lower range you set in smb.conf. It
> was the later that got me, I stupidly gave Domain Users the
> gidnumber of '100', this I based on samba4 giving the group the same
> xidNumber in idmap.ldb.
> 
> Having said all this, I will not mention sssd here again.

Rowland, that's exactly what I *didn't* want you to think.

I'm fine with you mentioning and even recommending sssd
on this list when it helps the user and solves the problem.

Positive contributions are *always* welcome. Just think
carefully before making any *negative* comments.

Hope that's clear !

Cheers,

	Jeremy.