[Samba] idmap & migration to rfc2307

Jonathan Hunter jmhunter1 at gmail.com
Sat Nov 7 17:47:48 UTC 2015

On 7 November 2015 at 17:01, Michael Adam <obnox at samba.org> wrote:
> Also, for all I know, the DC always has local unix user and group
> IDs, and does NOT use the rfc2307 attributes for this. (Unless
> this has changed recently, but I can't imagine how.) So there is
> nothing wrong with samba not using the rfc ids on the DC -- this is
> how it works by design.

Thanks Michael. I will see if I can use winbind locally instead of
sssd later this evening, now that I have fully switched to rfc2307
rather than algorithmic mappings.

One question on this, though - how is file ownership managed on the DC
from the samba side? I know DCs aren't "supposed" to be used as file
servers in the samba view of things (which is another story
altogether), but I can't understand why sometimes the ID mapping comes
from the rfc2307 attributes and then later on not. The mapping needs
to be consistent so that any files on disk are owned by the correct
UID (even if the local DC's Unix system doesn't necessarily know who
that UID is - that's the job of winbindd / sssd / etc. as I understand
it) ?

There are a lot of people (including me) who for various reasons
really, really want to use a single machine as both a DC and a file
server. Having this work with any sort of consistency in UID mappings
is proving to be a little bit problematic :)

It's frustrating for me because it works for a while (5 months until
yesterday) but then something triggers and it doesn't work again...



"If we knew what it was we were doing, it would not be called
research, would it?"
      - Albert Einstein

More information about the samba mailing list