[Samba] Man page for idmap_rid

Rowland Penny rpenny at samba.org
Wed Aug 10 14:04:07 UTC 2016

On Wed, 10 Aug 2016 10:42:11 -0300
francis picabia via samba <samba at lists.samba.org> wrote:

> On a few dozen systems running Linux and Solaris and in production,
> MYDOM\username = username  as far as we are concerned.  It isn't
> unique to Samba.  Many applications have a local user which
> maps to the AD user and make the assumption they are the same,
> which we can do because we administer both ends.  We're not
> talking about self-sign up portals and mailing lists, but things
> which are under one administration.
> Other than the case of bug report 10604 and Samba 4.2.10 on Debian,
> this solution has been working well for us.

Sorry, but you still don't seem to have got the message, you map local
Unix users to AD users only if you are using Samba as a standalone
server or in an NT4-style domain.

You do not map users in an AD domain, you make the AD users become
local Unix users by adding RFC2307 attributes or by using the winbind
'rid' backend, this way, you do not need the users in /etc/passwd and
in fact, they must not be in /etc/passwd

rowland at devstation:~$ getent passwd rowland
rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
rowland at devstation:~$ cat /etc/passwd | grep rowland
rowland at devstation:~$ 
rowland at devstation:~$ 

As you can see, I exist as a local Unix user, but I am not
in /etc/passwd


More information about the samba mailing list