[Samba] Wither "uidNumber" and "gidNumber"? (was: Re: ldbedit: no matching records - cannot edit (newly-created user))

[Nigel W]

On Sat, Sep 12, 2015 at 12:12 PM, Jim Seymour <jseymour at linxnet.com> wrote:

> On Sat, 12 Sep 2015 17:59:54 +0100
> Rowland Penny <rowlandpenny241155 at gmail.com> wrote:
> > >
> > > Can I, should I, may I put gidNumber attributes into individual
> > > user AD records?  (Matching their [default] *nix gids?)
> >
> > Ah, somebody else who thinks Samba4 AD works like samba3, you don't
> > have individual Unix groups any more, in fact you do not have Unix
> > users any more, they are all AD users that are also Unix users.
> [snip]
>
> So all these reams of files and directories on the existing
> fileserver, many of which are shared between both MS-Win and *nix
> users, what am I supposed to do with them?
>

You create the users on the directory with the same uid and uidNumber as
the local users and then remove local users on the systems.  Same applies
to the groups.

You will need to make sure that you configure the idmap options in the
smb.conf to use the rfc attributes from the directory, this the "ad" idmap
module (man page name is idmap_ad) and to include the range of uid numbers
and gid numbers that you used above.

The other idmap modules, "rid" and "tdb" (idmap_rid and idmap_tdb) are for
those that want to put stuff on a *nix server and access it only through
windows protocols where the actual numbers that the *nix is using don't
matter, that is, a file server accessed only by smb/cifs protocol or a mail
server access only through smtp/imap.