[Samba] Mapping UIDs on Linux to same UID as AD-bound Mac is mapping to

Rowland penny rpenny at samba.org
Tue Feb 16 21:36:04 UTC 2016


On 16/02/16 21:26, Brett Randall wrote:
> Rowland writes:
>>> So, since the Linux Samba is the one using sequential UIDs where it
>>> generates a new UID each time a new user is identified, and the Mac is
>>> using somewhat AD-generated UIDs, my preference is to somehow make
>>> Linux Samba work the same way that Apple generates UIDs.
>> Whilst something like this may happen sometime in the future, at the
>> moment it doesn't. If you have a mixture of windows, mac and linux
>> machines, you need to use RFC2307 attributes. There is a specific mac vfs
>> module available for samba that may help you, this is vfs_fruit, never used it
>> myself, but I am assured it helps.
> Thanks Rowland, I wasn't aware of RFC2307 and found idmap_ad which may just do what I need. I just need to come up with a plan for populating uidNumber and gidNumber in AD in a way that makes sense and has no room for human error. Looked into vfs_fruit, bit confused about how it would help but will keep researching.
>
> Brett.
>

If you weren't aware of the rfc2307 attributes, then you probably also 
aren't aware of the msSFU30MaxUidNumber & msSFU30MaxGidNumber attributes 
that should be in:

CN=samdom,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=samdom,DC=example,DC=com

Where 'samdom' is your lowercase workgroup name and 
'DC=samdom,DC=example,DC=com' is your AD rootdse

These two attributes are where windows stores the next uidNumber & 
gidNumber, both usually start at 10000

Rowland




More information about the samba mailing list