[Samba] [samba] Winbindd without RFC2307 question
L.P.H. van Belle
belle at bazuin.nl
Thu Jul 20 10:04:57 UTC 2017
Why match the uid/gid, if you do that, you will have to do that on every member.
Since no member is the same with uid/gid when you use RID.
I would suggest you make a script based on username/group
This way you can use it on any server.
But thats just my thoughts..
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> mathias dufresne via samba
> Verzonden: donderdag 20 juli 2017 11:57
> CC: samba
> Onderwerp: Re: [Samba] [samba] Winbindd without RFC2307 question
>
> 2017-07-19 23:04 GMT+02:00 Rowland Penny via samba
> <samba at lists.samba.org>:
>
> > On Wed, 19 Jul 2017 22:27:55 +0200
> > Emmanuel Blindauer via samba <samba at lists.samba.org> wrote:
> >
> > > On 19/07/2017 16:54, mathias dufresne via samba wrote:
> > > > Thank you both for your replies. Unfortunately I will
> not be able
> > > > to use rfc2307 and then uidNumber and co until they
> modify their
> > > > AD. It would perhaps be done soon but for now, no real idea.
> > > >
> > > > So back to Rowland's proposition to use "rid" backend
> rather than
> > > > "ad" backend for idmap configuration.
> > > > To switch from "ad" to "rid" idmap backend I just changed :
> > > > idmap config CENTORIAL:backend = ad into idmap config
> > > > CENTORIAL:backend = rid
> > > >
> > > > Then I reload everything with "smbcontrol all reload-config"
> > > >
> > > > To finally test all that with "id username" which
> wasn't working.
> > > >
> > > > I just restart the samba processes (systemctl restart
> blablabla)
> > > > and all went well.
> > > >
> > > > Thank you again :)
> > > >
> > > > Have a nice day all,
> > > >
> > > > mathias
> > > there is also a recent idmap_nss which can be a solution if you
> > > have another way to manage uidNumber while keeping cn=uid
> > >
> >
>
> Thank you for the hint but with idmap_rid it seems I've got
> what I need.
> Now I'm looking for a way to reproduce UID/GID from the old
> Samba server on the new one (we're migrating some files server).
> Extracting UID/GID for each file is easy, using that to
> produce a list of all users with username uid and gid is then
> quite simple.
>
> The difficulty would be to insert all these username:uid:gid
> into the RID database of the new Samba server... Using
> RFC2307 would be so much easier...
>
>
> >
> > The whole idea behind AD is to have a central store for users and
> > groups. Using idmap_nss will go back to the old way of
> doing things,
> > because you need users on the fileserver and in AD, if you have
> > multiple fileservers, you will need the user on all of them.
> >
> > Rowland
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list