[Samba] AD and Linux UID/GID best practices.
sven.schwedas at tao.at
Tue Feb 18 05:24:43 MST 2014
On 2014-02-18 13:03, Chan Min Wai wrote:
> On Tue, Feb 18, 2014 at 6:37 PM, Sven Schwedas <sven.schwedas at tao.at
> <mailto:sven.schwedas at tao.at>> wrote:
> On 2014-02-18 10:39, Chan Min Wai wrote:
> > Dear All,
> > I've some question.
> > When I create new users/groups in AD DC. It seem that I still need
> to add UID and GID in unix attribute.
> > Possible my setup on rfc2370.
> > So I would like to check if there is any other way to do this
> without configuring UID and GID?
> Short answer: No.
> Long answer: Most certainly no, unless you don't need an AD in the first
> place. If you're using neither Winbind nor SSSD and authenticate with
> some hacked together LDAP adapter it might work, but you'll probably get
> different UIDs/GIDs on different machines, which will create problems
> sooner or later, and isn't half as reliable for authentication.
> > Thank you.
> > Regards,
> > Chan Min Wai
> Mit freundlichen Grüßen, / Best Regards,
> Sven Schwedas
> TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
> Mail/XMPP: sven.schwedas at tao.at <mailto:sven.schwedas at tao.at> | +43
> (0)680 301 7167 <tel:%2B43%20%280%29680%20301%207167>
> Hi Sven
> Can we directly use the SID from samba (by removing the rfc2370 in this
> Oh we must have GID and UID setup manually(I meant at lease need to add)
As far as I know, yes, GID and UID have to be allocated explicitly. SIDs
are used internally by Samba, but there's no stable mapping algorithm.
> Thank you.
Mit freundlichen Grüßen, / Best Regards,
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 665 bytes
Desc: OpenPGP digital signature
More information about the samba