[Samba] ACL SHARE
Rowland Penny
rpenny at samba.org
Thu Jun 29 20:01:32 UTC 2017
On Thu, 29 Jun 2017 14:30:05 -0500
Andrew Walker via samba <samba at lists.samba.org> wrote:
> On Tue, Jun 27, 2017 at 3:29 PM, Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>
> >
> > I would tend to agree, if you only have one or two fileservers, you
> > can use the 'rid' backend, any more than that, use the 'ad'
> > backend. If you use a DC as a fileserver (not really recommended,
> > but sometimes you have to) use the 'ad' backend.
> >
> > Rowland
> >
>
> A bit off topic, but I'm curious about why you advise not using the
> idmap_rid backend if you have more than one or two servers. Is this
> for simplicity in administration (i.e. not having to configure idmap
> ranges) or is there something about idmap_rid that makes it somewhat
> undesirable in such scenarios?
>
> Andrew
OK, if you use the 'rid' backend, you need to use the same smb.conf on
all of them. You can if you so wish, use 'rid' on more than two
servers, but it can get confusing.
Using the 'ad' backend means that users and groups are certain to get
the same IDs everywhere or they will be ignored if the range is set
incorrectly on a particular Samba server. It also means that you can
easily sync files between servers and be certain that they will still
be owned by the correct user.
When it comes down to it, it is YOUR domain and you can use which ever
winbind backend you like, my preferences are above, but you don't
have to follow them ;-)
More information about the samba
mailing list