[Samba] Winbind backend : rid is too much underappreciated
Rowland Penny
rowlandpenny at googlemail.com
Sun Feb 22 01:24:21 MST 2015
On 21/02/15 22:23, Miguel Medalha wrote:
>> Just recently a user had problems getting the rid backend to work, so it
>> isn't the magic solution you are suggesting. Once you get your head
>> around the winbind backends, it is easy to set them up. If you did have
>> problems with the 'ad' backend, you had something set incorrectly.
> What kind of problems can you have? I did it with these lines:
>
> idmap config * :backend = tdb
> idmap config * :range = 10000-99999
> idmap config DOMAIN : backend = rid
> idmap config DOMAIN : range = 100000-199999
>
> Everything just works and getent/id show me UIDs/GIDs that imediately tell
> me which SID they correspond to.
>
Taking your example 'idmap config DOMAIN : range = 100000-199999' it is
very easy, you just need users whose RIDs are larger than 200000, these
users will be ignored.
Something similar was problem wrong with the 'ad' backend when you tried
it, failing that it was probably a lack of 'uidNumber' & 'gidNumber' in AD.
As Marc has pointed out, with the 'rid' backend you do not get to set
home dirs & shells on a per user basis.
Rowland
More information about the samba
mailing list