[Samba] A proposal to the Samba developers: extension of the RID backend
miguelmedalha at sapo.pt
Wed Feb 25 14:19:44 MST 2015
I don't know if you will consider this meaningful or not, but I would
like to discuss the following:
I see the RID back-end as having a great potential, in particular for
those admins dealing with networks composed of Windows-only clients
served by *nix servers, which I suppose constitute a sizable portion of
the Samba users.
On domain provision, for example with 'samba-tool', we would input the
wanted RID back-end range (and shell templates?). This would be stored
in AD or tdb file. A single parameter in 'smb.conf' (something like
'domain rid DOMAIN = yes') would activate the reading of that
information by every new member server joining the domain, which would
then be automatically configured. This would bring centralized and
predictable management of UIDs/GIDs from SIDs without having to remember
ranges and manually input them into every 'smb.conf' file of member
servers. This would be some kind of midway between the 'rid' and
In sum, the idmap range for each domain would be defined centrally
instead of locally. Someone configuring a member server would not need
to previously know which range to use, they would only have to know the
name of the domain to join and include the respective line 'domain rid
DOMAIN = yes' (or something to that effect) in their local 'smb.conf'.
(The default for such a parameter would of course be 'no'.)
To address the cases of people needing a shell on the *nix server, could
we verify if 'UNIX Attributes' are set on AD for that user and give
precedence to that ID/GID and if they are not set use the id coming from
RID? Seems possible. Is it?
Does the user have UNIX Attributes set? If yes, use them. If not, use RID.
What do you think? Is this realistic or am I just being picky?
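
The lookup order asked about above, as an added example that is not part of the original post and is not Samba code. It uses the formula documented for idmap_rid (ID = RID - BASE_RID + LOW_RANGE_ID); the function names, the sample range and the SIDs are constructed for illustration, and the refusal of a uidNumber that falls inside the RID range is an added assumption about how a collision should be handled, not part of the proposal.

```python
# Added illustration; every name below is hypothetical, not Samba code.
from typing import NamedTuple, Optional

class DomainRange(NamedTuple):
    """Centrally stored idmap range for one domain (constructed values)."""
    low: int
    high: int
    base_rid: int = 0

def rid_of(sid: str) -> int:
    """Return the last sub-authority (the RID) of a SID string."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S" or not parts[-1].isdigit():
        raise ValueError(f"not a SID: {sid!r}")
    return int(parts[-1])

def rid_to_id(sid: str, rng: DomainRange) -> int:
    """idmap_rid formula: ID = RID - BASE_RID + LOW_RANGE_ID."""
    unix_id = rid_of(sid) - rng.base_rid + rng.low
    if not rng.low <= unix_id <= rng.high:
        raise ValueError(f"RID of {sid} maps outside {rng.low}-{rng.high}")
    return unix_id

def resolve_uid(sid: str, uid_number: Optional[int], rng: DomainRange) -> int:
    """UNIX Attributes win if set; otherwise fall back to the RID mapping."""
    if uid_number is None:
        return rid_to_id(sid, rng)
    # Assumption: a uidNumber inside the RID range could equal the ID computed
    # for a different account, so two SIDs would share one UID. Refuse it.
    if rng.low <= uid_number <= rng.high:
        raise ValueError(f"uidNumber {uid_number} overlaps the RID range")
    return uid_number

# Constructed sample data: one domain range and two accounts.
DOMAIN = DomainRange(low=100000, high=199999)
ALICE = "S-1-5-21-1111111111-2222222222-3333333333-1104"
BOB = "S-1-5-21-1111111111-2222222222-3333333333-1105"

if __name__ == "__main__":
    print(resolve_uid(ALICE, None, DOMAIN))   # no UNIX Attributes: RID mapping
    print(resolve_uid(BOB, 5000, DOMAIN))     # UNIX Attributes set: used as-is
```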