[Samba] [samba] Winbindd without RFC2307 question

mathias dufresne infractory at gmail.com
Thu Jul 20 13:00:17 UTC 2017

2017-07-20 12:49 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>:

> On Thu, 20 Jul 2017 12:04:57 +0200
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> > Why match the uid/gid, if you do that, you will have to do that on
> > every member.

Because it is a migration, the data has existed for years. Files and
directories are owned by UNIX users (at least at file system level). To
keep ownership I see only two choices: reproduce the UID/GID on the new
server or change rights on every file and folder.

> To do this, you will have to use the 'ad' backend and RFC2307
> attributes

Yep, to avoid that mess, using UNIX attributes in the AD LDAP tree will
greatly simplify that dumb task.

> > Since no member is the same with uid/gid when you use
> > RID.
> Not entirely true ;-)
> If you use exactly the same [global] portion of smb.conf on every Unix
> machine, you will get the same UIDs & GIDs (note, you do not need to
> have a 'netbios name' parameter in smb.conf)

I would have thought, like Louis, that using idmap_rid (or more generally
not using a centralized DB to store the UID/GID list) would produce
randomly attributed UID/GIDs.

My thought, which can easily be wrong, was:
- members work identically (same range to attribute xIDs)
- members don't talk to each other to exchange UID/GID lists

So they will attribute UID/GIDs on the fly, with the first logged-in user
(let's call that one userA) getting the first available UID/GID.
Then if on some other server the first logged-in user (let's call this one
userB) is not the same as the first user on the other server, and if
members really attribute the first number to the first connected user, this
will result in userA on serverA having the same UID/GID as userB on serverB.

I could be wrong, but if that is the case I would greatly appreciate an
explanation of why I was wrong.

> >
> > I would suggest you make a script based on username/group
> > This way you can use it on any server.
> You could always tell us what you have at the moment and we can advise
> from there, posting your existing smb.conf is bound to help ;-)

I thought the explanations were already there. I'm mainly accused of
speaking too much, rarely of not speaking enough, so I try to avoid
repeating myself (which I already do).
So, you asked, I repeat :)

That's a Samba file server migration. A Samba server exists, it hosts
data, the data is owned by users, and the users' UID/GIDs were generated by
Samba on the old server (security = ADS + passdb backend =

As the data exists and is owned by users, I must keep user ownership on
the new server.

To keep user ownership, the two options I see are (as already written
earlier in this mail) to reproduce the UID/GIDs in the users list or, if
the users' UID/GIDs are changed, I must also change the rights applied on
the FS.

Now, you asked for my smb.conf: the one from the new server is the one I
posted in my first mail in this thread.
Regarding the old server, I put in parentheses earlier the only two lines
which seem (to me) related to authentication and xID attribution.



> Rowland
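
The two mapping models discussed in this message, side by side, as an added example that is not part of the original mail or of Samba's code. The first function uses the formula from the idmap_rid manual page (ID = RID - BASE_RID + LOW_RANGE_ID); the second class models the first-come-first-served allocation the message hypothesises. The range, domain SID, RIDs and server names are constructed.

```python
# Added illustration; range, SIDs and server names are constructed sample values.
LOW, HIGH = 10000, 999999   # assumed: idmap config DOM : range = 10000-999999
BASE_RID = 0                # idmap_rid default for base_rid

def rid_to_id(sid, low=LOW, high=HIGH, base_rid=BASE_RID):
    """idmap_rid model: ID = RID - BASE_RID + LOW_RANGE_ID, None if outside range."""
    rid = int(sid.rsplit("-", 1)[1])      # the RID is the last SID component
    xid = rid - base_rid + low
    return xid if low <= xid <= high else None

class AllocatingMapper:
    """Hypothetical allocating backend: next free ID, kept in per-member state."""
    def __init__(self, low=LOW, high=HIGH):
        self.next_id, self.high, self.db = low, high, {}

    def sid_to_id(self, sid):
        if sid not in self.db:
            if self.next_id > self.high:  # range exhausted, no mapping possible
                return None
            self.db[sid] = self.next_id
            self.next_id += 1
        return self.db[sid]

DOM = "S-1-5-21-1111111111-2222222222-3333333333"   # constructed domain SID
USER_A, USER_B = f"{DOM}-1104", f"{DOM}-1105"

def simulate():
    """serverA sees userA first; serverB sees userB first."""
    orders = {"serverA": [USER_A, USER_B], "serverB": [USER_B, USER_A]}
    alloc, rid = {}, {}
    for server, logins in orders.items():
        mapper = AllocatingMapper()       # each member has its own local database
        alloc[server] = {sid: mapper.sid_to_id(sid) for sid in logins}
        rid[server] = {sid: rid_to_id(sid) for sid in logins}
    return alloc, rid

if __name__ == "__main__":
    alloc, rid = simulate()
    for server in alloc:
        print(server, "allocating:", alloc[server])
        print(server, "rid:       ", rid[server])
    # Same owner ID on two members must mean the same account.
    print("rid consistent across members:", rid["serverA"] == rid["serverB"])
```

With the allocating model, the same numeric ID ends up owned by different accounts on the two members, so file ownership copied between them would grant access to the wrong user; with the RID formula the ID depends only on the SID and the configured range.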