[Samba] Man page for idmap_rid

francis picabia fpicabia at gmail.com
Tue Aug 9 18:21:53 UTC 2016


On Tue, Aug 9, 2016 at 3:00 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Tue, 9 Aug 2016 14:49:37 -0300
> francis picabia <fpicabia at gmail.com> wrote:
>
> > On Tue, Aug 9, 2016 at 1:58 PM, Rowland Penny via samba <
> > samba at lists.samba.org> wrote:
> >
> > > On Tue, 9 Aug 2016 13:37:18 -0300
> > > francis picabia <fpicabia at gmail.com> wrote:
> > >
> > >
> > > >
> > > > getent passwd username
> > > >
> > > > (or "theusername") is not the literal command.  I substitute
> > > > 'username' here to protect the user id.
> > > > getent passwd on the user does work and it returns uid and gid of
> > > > 1000, exactly what we see in the /etc/passwd file.  It is the same
> > > > output as grep 'username' on /etc/passwd
> > > >
> > > > Remember, when winbind is off, it works.  This is certainly bug
> > > > 10604 by all measures.
> > >
> > > And I think you have just posted your problem!
> > >
> > > Let's use 'fred' as one of your users, replace 'fred' with a real
> > > user's name
> > >
> > > Do you have a user called 'fred' in /etc/passwd *and* in AD ?
> > >
> > > If so, choose one and then delete the other, you cannot have them in
> > > both.
>

Here you wrote that a user *cannot* be in both /etc/passwd and AD.

> >
> >
> > I don't think you've done this before.  Have you used security = ads?
>
> ROFL ROFL ROFL
>
> Can I direct you to my email address?
>
> >
> > I have dozens of servers and hundreds of users running just fine
> > with this.  Having the same user defined in both Linux and AD,
> > and mapping it for authentication is the whole point.
>
> That was the old way, if you are using AD, you do not need Unix users
> in /etc/passwd and in fact, you should not have users in
> both /etc/passwd and AD.
>

*Should* not?  What does that mean?  Sounds different than cannot.


> To make an AD user a Unix user, either add RFC2307 attributes to the
> users object in AD and then use the winbind 'ad' backend, or use the
> 'rid' backend, in which case you do not have to add anything to AD.
>

Now we *can* have a Unix user in AD?

I'm not sure which of the three statements has any meaning.  I don't know if
English is your native language, but there are differences in truth logic
in the three ways the statement on user mapping support has been made.

I've been working with the third statement being true and exercising the
rid option.

