[Samba] [samba] Winbindd without RFC2307 question

L.P.H. van Belle belle at bazuin.nl
Thu Jul 20 10:04:57 UTC 2017 

Why match the uid/gid, if you do that, you will have to do that on every member. 
Since no member is the same with uid/gid when you use RID.

I would suggest you make a script based on username/group 
This way you can use it on any server. 

But thats just my thoughts.. 

Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> mathias dufresne via samba
> Verzonden: donderdag 20 juli 2017 11:57
> CC: samba
> Onderwerp: Re: [Samba] [samba] Winbindd without RFC2307 question
> 
> 2017-07-19 23:04 GMT+02:00 Rowland Penny via samba 
> <samba at lists.samba.org>:
> 
> > On Wed, 19 Jul 2017 22:27:55 +0200
> > Emmanuel Blindauer via samba <samba at lists.samba.org> wrote:
> >
> > > On 19/07/2017 16:54, mathias dufresne via samba wrote:
> > > > Thank you both for your replies. Unfortunately I will 
> not be able 
> > > > to use rfc2307 and then uidNumber and co until they 
> modify their 
> > > > AD. It would perhaps be done soon but for now, no real idea.
> > > >
> > > > So back to Rowland's proposition to use "rid" backend 
> rather than 
> > > > "ad" backend for idmap configuration.
> > > > To switch from "ad" to "rid" idmap backend I just changed :
> > > > idmap config CENTORIAL:backend = ad into idmap config 
> > > > CENTORIAL:backend = rid
> > > >
> > > > Then I reload everything with "smbcontrol all reload-config"
> > > >
> > > > To finally test all that with "id username" which 
> wasn't working.
> > > >
> > > > I just restart the samba processes (systemctl restart 
> blablabla) 
> > > > and all went well.
> > > >
> > > > Thank you again :)
> > > >
> > > > Have a nice day all,
> > > >
> > > > mathias
> > > there is also a recent  idmap_nss which can be a solution if you 
> > > have another way to manage uidNumber while keeping cn=uid
> > >
> >
> 
> Thank you for the hint but with idmap_rid it seems I've got 
> what I need.
> Now I'm looking for a way to reproduce UID/GID from the old 
> Samba server on the new one (we're migrating some files server).
> Extracting UID/GID for each file is easy, using that to 
> produce a list of all users with username uid and gid is then 
> quite simple.
> 
> The difficulty would be to insert all these username:uid:gid 
> into the RID database of the new Samba server... Using 
> RFC2307 would be so much easier...
> 
> 
> >
> > The whole idea behind AD is to have a central store for users and 
> > groups. Using idmap_nss will go back to the old way of 
> doing things, 
> > because you need users on the fileserver and in AD, if you have 
> > multiple fileservers, you will need the user on all of them.
> >
> > Rowland
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list