[Samba] idmap & migration to rfc2307

[buhorojo]

On 14/06/15 04:14, Jonathan Hunter wrote:
> On 13 June 2015 at 16:42, buhorojo <buhorojo.lcb at gmail.com> wrote:
>> On 13/06/15 17:33, Jonathan Hunter wrote:
>>> I have the following in smb.conf:
>>>           server services = -dns +winbind -winbindd
>> this is also winbind:
>>>           idmap_ldb:use rfc2307 = yes
>> Lose it.
> Hmmm OK - what would tell samba to use rfc2307 in that case - would it
> do so automatically ??
No. By removing this line, you are reverting to default values where the 
now obsolete winbind in the samba DC did nothing with rfc2307 
information. The idmap_ldb:use  was a not very elegant way of retrieving 
partial uid:gid information from the old winbind code that was part of 
the dc. As you have now found, wnbindd is no more capable.

By using sssd, you have bypassed  the  bugs present in winbind and 
winbindd by simply not using either of them. and by so doing, turned 
your DC into a fully functioning file server. Just like windows server.

Your next step is to cluster the file shares. Maybe you should ask, will 
we need dcs and file servers much longer? We'll _never_ go back!

>
>>> and no 'winbind' lines anywhere.
>>> - use rfc2307 UIDs (sadly, this is a must - I *wish* I could use some
>>> kind of algorithmic mapping, ideally sssd's logic, but any really!)
>> If you want consistency, you can't. You have to read nss information from
>> the ad database. Anyway, well done:)
> Yup. I was hoping that samba would be able to either use the rid
> mapping code (which I know it won't do, on a DC) or, even more
> far-fetched, use the algorithm used by sssd where a UID is picked
> based on the entire SID. Ah well.. :)
>