[Samba] rfc2307 deprecated in Windows 2012 R2?
rowlandpenny at googlemail.com
Fri Jan 30 10:12:58 MST 2015
On 30/01/15 16:55, Hans-Kristian Bakke wrote:
> I still do not follow you. An additional reason for including
> administrator in the first place, not including that I actually want
> it to work against the linux boxes like every other domain user, was
> because winbind returns the exact same mapping when using idmap
> backend RID with range 300000-499999 (i.e not rfc2307 attributes)
>> wbinfo -i administrator
On one of my DC's:
wbinfo -i administrator
and from idmap.ldb (created by the provision):
Oh look it is mapped to '0' i.e. 'root'
> So the winbind devs obviously also thinks that Administrator should be
> mapped like every other domain user.
Do you want to retract that last statement ?
> The nice thing about this is that RFC2307 enabled winbind hosts,
> sssd-ad hosts and winbind hosts still using RID can all coexist
> peacefully and with the same UID/GID mapping (a need I had, thus
> creating the need for the migration script).
> But as I can see this is strictly a personal thing for you, it is of
> course okay to not give administrator a UID. You can just exclude the
> user in the script, so the functionality can still be used as a base,
> or you can throw it in the garbage if you want to :) I was worried
> that there were any technical consequences that I somewhat had missed
> for years.
Yes, you seem to be missing the fact that 'Administrator' is a special
windows user and shouldn't be turned into a normal Unix user.
More information about the samba