[Samba] uidNumber. ( Was: What is --rfc2307-from-nss ??)

Andrew Bartlett abartlet at samba.org
Fri Dec 5 02:59:49 MST 2014

On Mon, 2014-12-01 at 19:30 +0000, Rowland Penny wrote:
> On 01/12/14 19:19, Jeremy Allison wrote:
> > On Mon, Dec 01, 2014 at 11:14:59AM -0800, Greg Zartman wrote:
> >> On Mon, Dec 1, 2014 at 11:09 AM, Rowland Penny <rowlandpenny at googlemail.com>
> >> wrote:
> >>
> >>> NO NO I can't take anymore :-D
> >>>
> >>> Please read the rest of the thread, it will explain all.
> >>
> >> People seriously use this in a production environment?
> >>
> >> The lack of documentation and confusion surrounding pretty basic posix auth
> >> is extremely surprising.  I'm no noob at *nix admin and I'm having one hell
> >> of a time wrapping my brain around this.    I'm also not new to Samba.
> >> https://lists.samba.org/archive/samba-ntdom/2001-October/020361.html
> > The issues people are having with POSIX auth are
> > historical and to do with the AD environment having
> > its own winbind code.
> >
> > This harks from a time when there was a danger the
> > project would split into two, a fileserver project
> > and an AD-DC project.
> >
> > We are slowly but surely healing this wound, but
> > sometimes the stitches are still visible - the
> > S4 winbindd code is part of that.
> >
> > Eventually we will get to a single unified winbindd
> > which works in both the AD-DC and member server case,
> > but you're going to have to bear with us until that
> > gets finished I'm afraid.
> I understand and don't think that I am being ungrateful, but is there 
> any chance that winbindd in 4.2 will pull the unixHomeDirectory & 
> loginShell attributes ??

The best chance is if someone works out the required options, and then
we can decide if it is reasonable to change the defaults.  My view is
that is *is* reasonable to assume that if rfc2307 (or AD equiv)
attributes are filled in, to use them.  We have the difficult position
that we don't want to change defaults on running systems, but I
certainly deeply regret that we ended up with --use-rfc2307 being an
off-by-default option in provision. 

Sadly, I think we will miss the boat for 4.2, just because of timeframes
and resources - I'm flat out on other AD DC bugs/features right though
Christmas I'm afraid. 

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list