[Samba] Man page for idmap_rid

Rowland Penny rpenny at samba.org
Tue Aug 9 19:41:58 UTC 2016


On Tue, 9 Aug 2016 16:29:12 -0300
francis picabia via samba <samba at lists.samba.org> wrote:

> On Tue, Aug 9, 2016 at 3:07 PM, Jeremy Allison via samba <
> samba at lists.samba.org> wrote:
> 
> > On Tue, Aug 09, 2016 at 07:50:12PM +0200, Michael Adam via samba
> > wrote:
> > > On 2016-08-09 at 17:58 +0100, Rowland Penny via samba wrote:
> > > > On Tue, 9 Aug 2016 13:37:18 -0300
> > > > francis picabia <fpicabia at gmail.com> wrote:
> > > >
> > > >
> > > > >
> > > > > getent passwd username
> > > > >
> > > > > (or "theusername") is not the literal command.  I substitute
> > > > > 'username' here to protect the user id.
> > > > > genent passwd on the user does work and it returns uid and
> > > > > gui of 1000, exactly what we see in the /etc/passwd file.  It
> > > > > is the same output as grep 'username' on /etc/passwd
> > > > >
> > > > > Remember, when winbind is off, it works.  This is certainly
> > > > > bug 10604 by all measures.
> > > >
> > > > And I think you have just posted your problem!
> > > >
> > > > Lets use 'fred' as one of your users, replace 'fred' with a
> > > > real users name
> > > >
> > > > Do you have a user called 'fred' in /etc/passwd *and* in AD ?
> > > >
> > > > If so, choose one and then delete the other, you cannot have
> > > > them in both.
> > >
> > > *Not* setting 'winbind use default domain = yes' will allow you
> > > to have them both. And they will be what they shoult be: two
> > > different users. With different unix IDs.
> >
> > But to clarify, they will then be user 'fred' and user
> > 'DOMAIN\fred'. Not the same name at all..
> > <https://lists.samba.org/mailman/options/samba>
> >
> 
> That's like saying a beer poured from a bottle into the glass is not
> the same beer.
> If that is what all this disagreement has been about, it is very sad.

If you cannot understand that 'fred' and 'DOMAIN\fred' are different
users, then try and understand it this way, user 'fred' is not the same
user as 'barney', do you agree with this ?
Now replace 'barney' with 'DOMAIN\fred', the 'DOMAIN\' bit makes him a
different user.


> 
> We've modified our smb.conf shares about 10 years ago to have
> valid users with MYDOM\user and it has worked very well.  It is
> still working well for the most part.

Yes and in ten years, a very lot of Samba has changed.

Rowland



More information about the samba mailing list