[Samba] Automatic creation of local users

L.P.H. van Belle belle at bazuin.nl
Tue Dec 20 10:10:30 UTC 2016



> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rowland Penny via
> samba
> > So you fixed it and not disabling it.
.....
> 
> No, he borked it.
Yeah, my typos.. :-( that's what I meant..

> 
> >
> > Your system used id range 0-1000+ (and first user gets 1000)
> > The Windows | BUILTIN matches: idmap config *:
> > But it is set too wide, it also matched the Linux IDs.
> 
> I have given up worrying about things like this, if people are stupid
> enough to use such low IDs, it is their lookout.
It's not always their lookout, maybe it's misinterpretation, because English is not their native language, but luckily this will be noticed by Samba in the future.

I saw the work in progress, looks great, and it will help lots of people :-)

> 
> >
> > Now Samba AD (with AD BACKEND) starts with idmap config DOMAIN
> > 10000-999999 by default.
> >
> > A preferred layout for idmap config.
> >
> >          # maps to Windows BUILTIN/LOCAL IDs
> >          idmap config *:backend = tdb
> >          idmap config *:range = 2000 - 9999
> >          # the AD has as start 10000-99999
> >          idmap config SUBDOMAIN:backend = ad
> >          idmap config SUBDOMAIN:schema_mode = rfc2307
> >          idmap config SUBDOMAIN:range = 10000 - 99999
> >
> > With this setup you have the following options.
> > 1) Linux IDs only, range 0-1999
> > 2) Linux ID + Windows BUILTIN/Windows local IDs.
> > 3) Windows AD IDs
> >
> > Now the problem you had with your user was not because it did not
> > exist in Linux, but it mismatched its id.
> 
> No, it was probably because the user didn't have a uidNumber or its
> contents were invalid.
Yeah, possible, but probably .. as you said.. we can't be 100% sure here..

> 
> >
> > If you want a "linux only users" create an user and keep its id below
> > 1999.
> 
> Agreed

> 
> > If you want a Linux user but with some Windows abilities,
> > create a Linux user with id between 2000-9999
> 
> No, a user is either a Unix user or a windows user that is also a Unix
> user. You cannot have a user in /etc/passwd and in AD.
That's not what I meant, it's OR a Linux user OR a Windows user.
But which you create depends on the need.
I can create a Linux user to manipulate things as a Windows user on Windows shares per server.
Or I can create a Windows "builtin\username" which can be used "per server".
But with care for both, since the id of this user doesn't have to be the same.

Are you OK with this? This is how I use it.
I'll try to make these things more clear next time.

> 
> >
> > And windows users which need linux access, gets id's between
> > 10000-999999
> 
> Agreed
> 
> >
> > And if you change the IDs, don't forget to clear the idmap cache
> > files.
> 
> By running 'net cache flush'
> 
> Rowland

Louis
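
A check for the range layout discussed in this message, added here as an example and not part of the original thread: it parses the `idmap config` range lines of an smb.conf fragment and reports idmap ranges that overlap each other or that contain a local UID. The smb.conf text, the passwd lines and the function names are constructed for illustration.

```python
import re

# Constructed sample: the layout from this thread.
GOOD_CONF = """[global]
    idmap config *:backend = tdb
    idmap config *:range = 2000 - 9999
    idmap config SUBDOMAIN:backend = ad
    idmap config SUBDOMAIN:schema_mode = rfc2307
    idmap config SUBDOMAIN:range = 10000 - 99999
"""
# Constructed counter-example: default range set too wide.
BAD_CONF = GOOD_CONF.replace("2000 - 9999", "0 - 20000")
# Constructed /etc/passwd-style lines (name:x:uid:...).
PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
svc:x:1500:1500::/home/svc:/usr/sbin/nologin
"""
RANGE_RE = re.compile(
    r"^\s*idmap config\s+(\S+?)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.I)

def parse_idmap_ranges(conf_text):
    """Return {domain: (low, high)} for each 'idmap config X:range' line."""
    found = (RANGE_RE.match(line) for line in conf_text.splitlines())
    return {m.group(1): (int(m.group(2)), int(m.group(3))) for m in found if m}

def local_uids(passwd_text):
    """Return {name: uid} from passwd-format text."""
    rows = (l.split(":") for l in passwd_text.splitlines() if l.strip())
    return {f[0]: int(f[2]) for f in rows}

def check_layout(conf_text, passwd_text):
    """List overlapping idmap ranges and local UIDs that fall inside a range."""
    ranges = parse_idmap_ranges(conf_text)
    doms, problems = sorted(ranges), []
    for i, a in enumerate(doms):
        for b in doms[i + 1:]:
            (alo, ahi), (blo, bhi) = ranges[a], ranges[b]
            if alo <= bhi and blo <= ahi:
                problems.append(f"idmap ranges for {a} and {b} overlap")
    for name, uid in sorted(local_uids(passwd_text).items()):
        for dom in doms:
            lo, hi = ranges[dom]
            if lo <= uid <= hi:
                problems.append(f"local user {name} (uid {uid}) is inside the {dom} range")
    return problems

if __name__ == "__main__":
    for label, conf in (("thread layout", GOOD_CONF), ("too-wide default", BAD_CONF)):
        print(label, "->", check_layout(conf, PASSWD) or "ok")
```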
