[Samba] Slow, Incorrect Group Resolution through Winbind
Rowland Penny
rpenny at samba.org
Wed Sep 13 16:49:05 UTC 2017
On Wed, 13 Sep 2017 12:37:17 -0400
Sonic <sonicsmith at gmail.com> wrote:
> On Wed, Sep 13, 2017 at 12:22 PM, Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> > For the 'DOMAIN' domain you can use several different backends
> > (rid, ad etc) but I wouldn't use the tdb backend, how are you going
> > to be sure you will get the same IDs on all Unix machines ?
>
> That's exactly why I personally use rid for the DOMAIN domain.
> However, you seemed to suggest that my post was incorrect because I
> left the OP's desired backend (not my choice) in place during my
> reply, which still, as far as I can tell, is not an incorrect
> configuration via the info in the man page. If indeed my answer was
> incorrect than the man page needs some updating.
>
> Chris
You posted:
Should be more like:
idmap config STUDENTS : range = 16777216-33554431
idmap config STUDENTS : backend = tdb
And, yes the smb.conf manpage does say this:
These are suitable for use in the default idmap configuration.
and refer to tdb,tdb2 and ldap. I wouldn't use any of these on a Unix
domain member, because the manpage also says this:
these create mappings of their own using internal unixid counters and
store the mappings in a database.
This means there is no way to ensure that users and groups will get the
same ID on different Unix domain members.
Rowland
More information about the samba
mailing list