[Samba] Winbind question

[Dale Schroeder]

Bruno,

You are correct in your description of RID.  It is a calculated, not 
assigned, value as described at 
http://www.samba.org/samba/docs/man/manpages/idmap_rid.8.html . If 
configured identically, all members/clients will have the same UID/GID 
pairing.  However, because the calculation is done on a value derived 
from the DC, the values will not be the same as the DC.  For my needs, 
RID is quite sufficient; for others, it may not be.

Dale


On 08/12/2014 4:21 AM, Bruno MACADRÉ wrote:
> I can't be totally affirmative, but with the mechanism of rid backend 
> it would be consistent.
>
> If I well understand the mechanism of rid backend (correct me if I say 
> wrong), it works like this :
>
> For a user or a group :
>     - Requesting the DC for the objectSID of the user (or group)
>     - Keeping RID part of the SID
>     - Adding RID part to the minimal ID specified in 'SAMDOM:range'
>     - Using result as UID/GID
>
> So it would be consistent, 'cause SID are uniques (and by extension 
> RID too) and if your 'SAMDOM:range' is the same on all members the 
> resulting UID/GID would be the same.
>
> I don't want to say wrong things to you steve, so if anybody with a 
> better knowledge of this mechanism can confirm (or not), it would be 
> great.
>
> Regards,
> Bruno
>
> Le 12/08/2014 10:27, steve a écrit :
>> On Tue, 2014-08-12 at 07:57 +0200, Bruno MACADRE wrote:
>>
>>>> 2) For me, using "rid" as backend for consistent gid/uid mapping works
>>>> across multiple samba. I wasn't able to get "ad" to work nicely.
>>> That's right, RID backend is sufficient to get consistent gid/uid
>>> mapping...
>> Hi
>> That's interesting. How do you ensure that the databases are
>> synchronised between the DCs, file servers and clients?
>>
>