[Samba] Winbind backend : rid is too much underappreciated

Marc Muehlfeld mmuehlfeld at samba.org
Sat Feb 21 15:44:33 MST 2015


Am 21.02.2015 um 23:15 schrieb Miguel Medalha:
> Do you have something against the rid backend? Which disavantadges do you 
> see? It simply works!

_My_ personal disadvantage with idmap_rid is, that you have to define
stuff like the shell on a per server and not on a per user base. You can
decite if _all_ users should have /bin/bash or alle /bin/false. RFC2307
allows you to centralized set this per user. So admins have a shell for
their user account and no one else. With RID backend, all users need a
shell, and I have to take care via sshd.conf, etc. that only admin users
are allowed to really log in.


> Administrator has a UID of 0. How would you fill up the UNIX Attributes 
> tab for Administrator?

My domain admin at work has UID 30253. I haven't seen any problems yet.
ACLs on Linux-Samba servers are set as root using POSIX ACLs. On windows
servers it's done the windows way without any problems. I can administer
my Samba printserver by granting privileges like described in the Wiki.
Haven't seen any problems since setup 2.5 years.


Regards,
Marc


More information about the samba mailing list