[Samba] A proposal to the Samba developers: extension of the RID backend

Miguel Medalha miguelmedalha at sapo.pt
Wed Feb 25 14:19:44 MST 2015

I don't know if you will consider this meaningful or not, but I would 
like to discuss the following:

I see the RID back-end as having a great potential, in particular for 
those admins dealing with networks composed of Windows-only clients 
served by *nix servers, which I suppose constitute a sizable portion of 
the Samba users.

On domain provision, for example with 'samba-tool', we would input the 
wanted RID back-end range (and shell templates?). This would be stored 
in AD or a tdb file. A single parameter in 'smb.conf' (something like 
'domain rid DOMAIN = yes') would activate the reading of that 
information by every new member server joining the domain, which would 
then be automatically configured. This would bring centralized and 
predictable management of UIDs/GIDs from SIDs without having to remember 
ranges and manually input them into every 'smb.conf' file of member 
servers. This would be some kind of midway between the 'rid' and 
'autorid' back-ends.

In sum, the idmap range for each domain would be defined centrally 
instead of locally. Someone configuring a member server would not need 
to previously know which range to use, they would only have to know the 
name of the domain to join and include the respective line 'domain rid 
DOMAIN = yes' (or something to that effect) in their local 'smb.conf'. 
(The default for such a parameter would of course be 'no'.)

And maybe:
To address the cases of people needing a shell on the *nix server, could 
we verify if 'UNIX Attributes' are set on AD for that user and give 
precedence to that ID/GID and if they are not set use the id coming from 
RID? Seems possible. Is it?

Summing up:
Does the user have UNIX Attributes set? If yes, use them. If not, use RID.

What do you think? Is this realistic or am I just being picky?
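
The following sketch is an added example, not part of the original post and not Samba code. It applies the mapping documented for the 'rid' back-end (ID = RID - BASE_RID + LOW_RANGE_ID) to show why hand-typed ranges that differ between member servers give one SID different UIDs, and it models the proposed "UNIX Attributes first, RID otherwise" precedence. The SID, the ranges and the `resolve_uid` helper are constructed for illustration.

```python
# Added illustration; names and sample values are assumptions, not Samba source.
from typing import NamedTuple, Optional


class IdmapRange(NamedTuple):
    low: int
    high: int
    base_rid: int = 0  # documented default of the rid back-end


def rid_of(sid: str) -> int:
    """Return the RID, i.e. the last sub-authority of a SID string."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S" or not parts[-1].isdigit():
        raise ValueError(f"not a SID: {sid!r}")
    return int(parts[-1])


def rid_to_unix_id(sid: str, rng: IdmapRange) -> Optional[int]:
    """Apply ID = RID - BASE_RID + LOW_RANGE_ID.

    Returns None when the result falls outside the configured range,
    which leaves the SID unmapped on that server.
    """
    unix_id = rid_of(sid) - rng.base_rid + rng.low
    return unix_id if rng.low <= unix_id <= rng.high else None


def resolve_uid(sid: str, unix_attr_uid: Optional[int],
                rng: IdmapRange) -> Optional[int]:
    """Hypothetical precedence from the proposal: UNIX Attributes, else RID."""
    if unix_attr_uid is not None:
        return unix_attr_uid
    return rid_to_unix_id(sid, rng)


# Constructed sample data.
ALICE = "S-1-5-21-1111111111-2222222222-3333333333-1104"
CENTRAL = IdmapRange(10000, 999999)   # one range stored once for the domain
SERVER_A = IdmapRange(10000, 999999)  # range typed by hand on member server A
SERVER_B = IdmapRange(20000, 999999)  # typed differently on member server B

if __name__ == "__main__":
    # Same SID, different local ranges: file ownership disagrees across servers.
    print("server A:", rid_to_unix_id(ALICE, SERVER_A))
    print("server B:", rid_to_unix_id(ALICE, SERVER_B))
    # Central range: every member computes the same UID.
    print("central, no UNIX attrs:", resolve_uid(ALICE, None, CENTRAL))
    print("central, uidNumber set:", resolve_uid(ALICE, 3001, CENTRAL))
```
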

