[Samba] Man page for idmap_rid

[Michael Adam]

On 2016-08-09 at 14:49 -0300, francis picabia via samba wrote:
> On Tue, Aug 9, 2016 at 1:58 PM, Rowland Penny via samba <
> samba at lists.samba.org> wrote:
> 
> > On Tue, 9 Aug 2016 13:37:18 -0300
> > francis picabia <fpicabia at gmail.com> wrote:
> >
> >
> > >
> > > getent passwd username
> > >
> > > (or "theusername") is not the literal command.  I substitute
> > > 'username' here to protect the user id.
> > > genent passwd on the user does work and it returns uid and gui of
> > > 1000, exactly what we see in the /etc/passwd file.  It is the same
> > > output as grep 'username' on /etc/passwd
> > >
> > > Remember, when winbind is off, it works.  This is certainly bug 10604
> > > by all measures.
> >
> > And I think you have just posted your problem!
> >
> > Lets use 'fred' as one of your users, replace 'fred' with a real users
> > name
> >
> > Do you have a user called 'fred' in /etc/passwd *and* in AD ?
> >
> > If so, choose one and then delete the other, you cannot have them in
> > both.
> >
> 
> I don't think you've done this before.  Have you used security = ads?
> 
> I have dozens of servers and hundreds of users running just fine
> with this.  Having the same user defined in both Linux and AD,
> and mapping it for authentication is the whole point.

No, this completely misses the point of winbind and security =
ads: Winbind removes the need to maintain local users on each
server. Instead you plug winbind into nsswitch and tell it to
use the same id mapping scheme on all servers, and hence you
have perfectly valid, same-looking unix users on all the servers
without ever touching the passwd and group files...

Cheers - Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba/attachments/20160809/5c656717/signature.sig>