[Samba] Member server - winbind unable to resolve users/groups

buhorojo buhorojo.lcb at gmail.com
Sun Apr 5 08:55:54 MDT 2015


On 05/04/15 16:41, Rowland Penny wrote:
> On 05/04/15 15:09, Luca Olivetti wrote:
>> On 05/04/15 at 15:31, Rowland Penny wrote:
>>
>>> OK, so you have users that start at '500', these will undoubtedly be
>>> local Unix users not AD users, unless you have migrated these users to
>>> AD, in which case you would have had to remove the local Unix users.
>> Uh? They're users, currently in ldap and after that in AD, and they will
>> maintain the same uids/gids. I would be pretty angry if they didn't,
>> since it would screw up file ownership
>
> You shouldn't really have used such low numbers in the first place, 
> but that was your decision.
>
>>
>>> If you will never need any local Unix users (and what happens if the
>>> domain connection goes down ?)
>> Isn't winbind supposed to cache that?
>> ;-)
>
> What if the problem is winbind ?
>
>>> then you could start the AD users at
>>> where the local Unix users are supposed to start (debian 1000, older
>>> red-hat 500, newer red-hat 1000), but this is if you *only* have Unix
>>> system users on the computer.
>> Nonsense. I can simply use uids/gids outside the range for local users.
>
> Right and what happens if your number of AD users grows ? they could 
> collide with your local Unix users.
>
>
>>> I cannot recommend this type of setup, there is no reason to have such a
>>> setup and if you do have such a setup, then my recommendation is to
>>> retire and let somebody else sort out your mess.
>> This is not a "mess". This was best-practice in its day (some of us have
>> been using Linux when it was still not fashionable to do so) and it
>> still works fine. There is no reason to change what's working fine only
>> to follow your recommendation. Otherwise there would be no reason to
>> make the range configurable: it is in order to adapt to one's environment.
>
> Yes, it may have been best practice in its day (cannot think when, but 
> hey) but it is not best practice now and hasn't been for quite some time.
>
We don't want best anything. We want what we have to work. And anyway 
didn't you hear? Butter is good for you again this year. Linux: we 
configure it as we wish. Not as someone else dictates. You're worse than 
my IT teacher. Your idealism helps no one.

> As for using Linux when it was still not fashionable, well I
> A) Remember reading Linus's message shortly after he sent it out 
> (didn't really understand what he was trying to get at)
> B) Remember booting my first Linux machine from a couple of 3-1/2 inch 
> floppies called 'boot' and 'root'
>
> So, don't try and pull the 'I am older than Methuselah' routine :-D
>
> Rowland
>>
>> Bye
>
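
The collision the thread argues about (AD users mapped into a uid range that local Unix accounts also occupy) can be checked mechanically. The following is an added example, not code from any poster or from Samba; it assumes ranges are declared with smb.conf `idmap config DOMAIN : range = low-high` lines, and the domain name EXAMPLE and all sample data are constructed.

```python
import re

# Constructed sample inputs (not taken from the thread).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:500:500:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
"""

SAMPLE_SMB_CONF = """\
[global]
    workgroup = EXAMPLE
    security = ads
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config EXAMPLE : backend = ad
    idmap config EXAMPLE : range = 500-2999
"""

# Matches "idmap config <domain> : range = <low>-<high>".
RANGE_RE = re.compile(
    r"^\s*idmap config\s+([^\s:]+)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$",
    re.IGNORECASE,
)

def idmap_ranges(smb_conf):
    """Map each idmap domain to its (low, high) id range."""
    ranges = {}
    for line in smb_conf.splitlines():
        m = RANGE_RE.match(line)
        if m:
            ranges[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return ranges

def local_uids(passwd):
    """Map local account names to uids, skipping malformed lines."""
    uids = {}
    for line in passwd.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2].isdigit():
            uids[fields[0]] = int(fields[2])
    return uids

def collisions(passwd, smb_conf):
    """Return sorted (domain, user, uid) for local uids inside an idmap range."""
    ranges = idmap_ranges(smb_conf)
    return sorted(
        (domain, user, uid)
        for user, uid in local_uids(passwd).items()
        for domain, (low, high) in ranges.items()
        if low <= uid <= high
    )
```
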


