[Samba] Winbind backend : rid is too much underappreciated

[Jason Haar]

On 22/02/15 09:05, Miguel Medalha wrote:
> I just came to the conclusion that the rid backend has been very much underappreciated. Too much mental inertia about how things used to be made?
>
> After strugling for two days to configure a member server against a Samba Active Directory  with the ad/RFC2307 backend, I turned to the rid backend and voilà! all my problems are gone. Having to manually edit uids/gids in UNIX Attributes under RSAT does really suck! The Administrator account is never correctly mapped and setting permissions on the member server becomes a PITA. All kinds of glitches become apparent.

I agree. We have a majorly complex AD here: multiple domains in multiple
trusted forests - each with a different IT group responsible, none of
whom are interested in supporting Samba. We had problems with different
users (from different domains) being mapped to the same UID - let's face
it, you can't get worse than that. Once we moved to "backend = rid" and
formally mapped each domain to its own range, all such problems
disappeared. The great thing is we do that rid mapping in an include
file - and just make sure all Samba servers have the same file - so now
all these thousands of AD accounts in multiple forests will map to the
same unique Unix uid on any of our Samba servers - sweet! We could even
bring NFS into this mess if we choose to :-)

Long live rid! :-)


-- 
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1