[Samba] Member server - winbind unable to resolve users/groups

Luca Olivetti luca at wetron.es
Sun Apr 5 09:17:07 MDT 2015


On 05/04/15 at 16:41, Rowland Penny wrote:


> You shouldn't really have used such low numbers in the first place, but
> that was your decision.

No, it wasn't my decision, it was the default in the distribution I used
at the time. In fact, the *only* distribution starting from 1000 was
Debian, every other distribution used 500. It's only recently that they
decided to change to 1000, but without breaking compatibility with
existing users.

> 
>>
>>> If you will never need any local Unix users (and what happens if the
>>> domain connection goes down ?)
>> Isn't winbind supposed to cache that?
>> ;-)
> 
> What if the problem is winbind ?

I keep local users for such (and similar) cases.

> 
>>> then you could start the AD users at
>>> where the local Unix users are supposed to start (debian 1000, older
>>> red-hat 500, newer red-hat 1000), but this is if you *only* have Unix
>>> system users on the computer.
>> Nonsense. I can simply use uids/gids outside the range for local users.
> 
> Right and what happens if your number of AD users grows ? they could
> collide with your local Unix users.

I doubt I will reach uid 50000 anytime soon. I hope I'll have retired by
then ;-)


> 
> Yes, it may have been best practice in its day (cannot think when, but
> hey) but it is not best practice now and hasn't been for quite some time.

Fedora changed from 500 to 1000 in 2011. Even though I wasn't using
Fedora, at the time I had a couple million files or more, so even if
the default changed it still wasn't practical to change ownership of all
those files. Besides, it could have unintended side effects far worse
than using uids < 10000.
BTW, when I migrated my users to LDAP I used a recommended
(best-practice) script which populated the database with the windows
groups, and it assigned the gid 513 to "Domain Users". It's not a random
coincidence that both me and Andrey have the same gid for "Domain
Users": it was the *standard* practice.

> As for using Linux when it was still not fashionable, well I
> A) Remember reading Linus's message shortly after he sent it out (didn't
> really understand what he was trying to get at)
> B) Remember booting my first Linux machine from a couple of 3-1/2 inch
> floppies called 'boot' and 'root'
> 
> So, don't try and pull the 'I am older than Methuselah' routine :-D

And yet you don't know that most distributions used uid 500 as the first
non system user?

Bye
-- 
Luca Olivetti
Wetron Automation Technology http://www.wetron.es
Tel. +34 935883004  Fax +34 935883007

