[Samba] "samba-tool user add" and idmap shenanigans

Stuart Longland stuartl at vrt.com.au
Mon Feb 1 20:44:36 UTC 2016 

On 01/02/16 19:20, Rowland penny wrote:
> Yes, The DCs and domain members work differently. On a DC, windows users 
> are mapped to Unix users in 'idmap.ldb', this is where you will find the 
> xidNumber attributes. On a domain member, the users are mapped via 
> winbind and there are several backends available, though only two are 
> really used, the 'ad' & 'rid' backends. If you use the 'ad' backend, you 
> will have to give all users, that you want to be visible to Unix, a 
> uidNumber attribute and Domain Users (at least) a gidNumber. If you use 
> the 'rid' backend, you do not have to add anything to AD, but you may 
> want to add the 'template' lines to smb.conf on the domain member (see 
> man smb.conf).

Sounds like the 'rid' backend may prove more flexible in many ways.  I
take it that using the 'rid' backend, I still get group membership
information and other metadata provided?

Alternatively, is there a flag I can pass to `samba-tool` that would
automatically assign a uidNumber as this is what smbldap-tools and the
good ol'e useradd tools did.  (e.g. adding one to the last allocated
UID.  Or using xidNumber, since that works too for our needs.)

> You may also want investigate using a later version of Samba, the 
> version available from ubuntu is old and in fact when Samba 4.4.0 comes 
> out (due start of March), the 4.1.x series will go EOL. You could use 
> the latest freely available Sernet version, this will get you 4.2.x, or 
> you could very easily compile Samba yourself, if you go down this path, 
> you can get the latest version.

Indeed, the fun of using the stable branch of a Linux distribution.  If
I had my way, we'd be running Gentoo and thus have the latest Samba by
default.

I'll have a look at the Sernet and see if there's any other Samba
backports to Ubuntu 14.04 -- I can't be the only one facing this issue.
(Probably wouldn't be hard to nick the deb sources from the upcoming
Ubuntu 16.04 and re-compile them on 14.04 too.)

Regards,
-- 
     _ ___             Stuart Longland - Systems Engineer
\  /|_) |                           T: +61 7 3535 9619
 \/ | \ |     38b Douglas Street    F: +61 7 3535 9699
   SYSTEMS    Milton QLD 4064       http://www.vrt.com.au

More information about the samba mailing list