[Samba] sssd on DC for fileserver

Jonathan Hunter jmhunter1 at gmail.com
Thu Jun 4 17:26:54 MDT 2015


On 4 June 2015 at 17:25, buhorojo <buhorojo.lcb at gmail.com> wrote:
> On 04/06/15 16:58, Roel van Meer wrote:
>>
>> I think the reason might be this:
>> - You are using "idmap_ldb:use rfc2307" in your Samba config, which means
>> that Samba will use the ID's specified in the unix attributes in your AD
>>[...]
>>
> No, we don't think so because the user does not have the rfc2307 attributes
> in the directory and doesn't want to put them there. Maybe on the contrary,
> comment the idmap_ldb:use rfc2307.

Thanks buhorojo - that's correct, I am not using rfc2307. I was trying
to effectively replace the idmap functionality with sssd in this case,
to have consistent UIDs across my multiple servers, without having to
use rfc2307 and store a specific UID for each user in AD.

This works great on all my machines using sssd - but only on the UNIX
side, not within Samba i.e. via \\servername\sharename.

Thinking about it another way, I guess I am crazy to expect this to
work - but it's still a shame that it doesn't yet :( It's really quite
a common scenario from what I have seen on this list and from other
questions people have asked for a number of years, but I guess it's
not currently possible.

I think I must admit defeat, and switch to using rfc2307 and manually
specifying UIDs for my users :( It's really not what I want to be
doing, but it seems to be the only mechanism within samba to have
consistent UIDs across DCs at the moment.

From what I've read, there is (I think) different code used when samba
is a domain member, vs. when samba is a domain controller, which means
that rid mapping doesn't work if samba is a DC.

Cheers,

Jonathan

-- 
"If we knew what it was we were doing, it would not be called
research, would it?"
      - Albert Einstein

