[Samba] Consistent UID/GID mappings?

Rowland Penny rowlandpenny at googlemail.com
Tue Apr 8 14:07:11 MDT 2014 

On 08/04/14 20:54, Jeremy Allison wrote:
> On Tue, Apr 08, 2014 at 08:48:53PM +0100, Rowland Penny wrote:
>
>> Jeremy, I thought before I posted, and I was being sarcastic in the
>> way I posted. I wouldn't have posted except for the fact that in
>> this instance, sssd actually works in the way that the OP wants,
>> whereas the builtin winbind doesn't.
> Sure, and it's entirely appropriate to say so, I have no
> issues with that ! Remember the builtin winbindd in s4
> is different to the member winbindd daemon. One of the
> things Andrew is trying to do is unify the two so the
> more flexible and complete 'member' winbindd can be
> used in the AD-DC case and we can deprecate the builtin
> winbindd, in the same way smbd replaced the ntvfs
> backend for file serving. Having said that we're not
> there yet.

In which case, could he use what is probably the best part of the 
builtin winbind, the fact that NO range has to be given in smb.conf.

>> I do not recommend sssd on the list any more except in this case,
>> because the last time I did, YOU told me not to!
> I don't remember what I said (getting old :-), but I
> hope I didn't tell you not to mention sssd.
Er, yes you did (and you are younger than me! )
>
>> I  have found out why I could never get the winbind ad backend to
>> work for me, you have to jump through a series of hoops, users have
>> to have a uidnumber & gidNumber, groups have to have a gidNumber and
>> NONE of these must be below the lower range you set in smb.conf. It
>> was the later that got me, I stupidly gave Domain Users the
>> gidnumber of '100', this I based on samba4 giving the group the same
>> xidNumber in idmap.ldb.
>>
>> Having said all this, I will not mention sssd here again.
> Rowland, that's exactly what I *didn't* want you to think.
>
> I'm fine with you mentioning and even recommending sssd
> on this list when it helps the user and solves the problem.

OK

>
> Positive contributions are *always* welcome. Just think
> carefully before making any *negative* comments.
The problem is the usual one of the reader not being with the writer, 
you sure lose a lot with the loss of body language.

> Hope that's clear !
Yep.

Rowland

> Cheers,
>
> 	Jeremy.

More information about the samba mailing list