[Samba] Avoiding uid conflicts between rfc2307 user/groups and computers

Björn JACKE bjacke at SerNet.DE
Fri Jan 12 14:42:09 UTC 2018


On 2018-01-12 at 14:23 +0100 Prunk Dump via samba sent off:
> I have some conflicts between uid stored in the rfc2307 attributes and
> some local uid from idmap.ldb

You should not set up any share except for the default sysvol/netlogon share on
the AD DC. If you have no other machine available you can set up a member
server for file shares via an lxc container on the same physical machine while
still having it logically separated from the DC. The problem with missing posix
IDs exists because these days Windows clients occasionally work with their
machine account instead of the connecting user account. One option is to assign
rfc2307 attributes for all the machine accounts, too. The other option is
to avoid using rfc2307 idmapping altogether and not use idmap ad on the
member server but idmap rid or idmap autorid instead; that will work reliably
for any user even when no uidnumber/gidnumber attributes have been assigned.

Björn
-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
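
A member-server smb.conf sketch of the second option described in the message above, added here as an illustration and not part of the original mail. The domain name SAMDOM, the realm and both ID ranges are assumed placeholder values.

```ini
# Member server smb.conf (constructed example).
#
# Before: idmap ad only maps accounts that carry uidNumber/gidNumber,
# so a machine account without rfc2307 attributes gets no POSIX ID.
#
#   idmap config SAMDOM : backend = ad
#   idmap config SAMDOM : schema_mode = rfc2307
#   idmap config SAMDOM : range = 10000-999999

# After: idmap rid derives the ID from the account's RID, so every
# user and machine account in the domain maps without any attributes.
[global]
    security = ads
    workgroup = SAMDOM
    realm = SAMDOM.EXAMPLE.COM

    # Default domain: BUILTIN and local accounts, kept in a local tdb.
    # This range must not overlap the domain range below.
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999

    # Domain accounts: ID = RID - base_rid + low end of range
    # (base_rid defaults to 0).
    idmap config SAMDOM : backend = rid
    idmap config SAMDOM : range = 10000-999999
```

Changing the idmap backend on a member server that already holds data changes the IDs that accounts resolve to, so existing file ownership and ACLs have to be checked afterwards. After a restart, `wbinfo -i` on a user and on a machine account (name ending in `$`) shows whether both now resolve.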


