[Samba] winbind on DC : how use gidNumber instead of primaryGroupID as user's primary group

L.P.H. van Belle belle at bazuin.nl
Wed Aug 21 08:43:22 UTC 2019

Hi Baptiste,

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of 
> Prunk Dump via samba
> Sent: Wednesday 21 August 2019 10:05
> To: samba at lists.samba.org
> Subject: Re: [Samba] winbind on DC : how use gidNumber 
> Thank you very much Louis for your help !!!
You're welcome. 
> You have got exactly the same conclusion as me. On DC it's not
> possible to make winbind return the gid I want. And on members
> everything is coherent. (Note that the group corresponding to gid on
> DC seems to be always the first group displayed after Domain Users).
> And these uid/gid are used by the nfsv4 server to manage files. So if
> my nfsv4 server is on a DC :
> -> When on the member my testuser (uid=testuser, gid=teachers) creates
> a file on the nfsv4 share
> -> The DC translates the user uid/gid and creates a file owned by
> "testuser:domain users"
> -> If I check the file uid/gid from the member I see 
> "uid=testuser, gid=domain user"
> So the "problem" is that, with the nfsv4 server on DC, when my users
> create files with uid=A/gid=B, the file is created with
> uid=A,gid=Domain Users.

This should not really be a problem as long as you're using "Creator Owner/Creator Group" ( chmod 3XXX 4XXX). 
There is more about this; I'm writing that out in my new howtos. 
This all has to do with the network design and file/folder setup, as in your rights structure. 

> For years I have found this limitation about serving files on a DC problematic.
Yes, and here the solution is very simple: stop using the DC as a fileserver. 

> How do you design your network, Louis, to get a member file server ?
> -> You use virtualization ?
Yes, I use virtualization; I use XCP-NG, the free/open-source version of Xenserver. 
I like it. 

> -> You use LXC ?
No, never have. 

> -> You use two physical servers ?
Uh.. I have about 10 physicals here and about 15 virtuals. 

> How OP do in general here ? Is there some tutorial about LXC setup for
> samba around here ? I have only one physical server....
Show me the specs of your server:
How much and in RAID X?  
Possibly also the RPM if it's not SSD
 
I'll have a look at it, what is wise to say. 

> @Louis :
> It seems that we are working, you and me, on network design for
> school/enterprise, no ? 

And yes, currently I'm writing my new howto ( on a secret website ;-) ). 
I'm writing out my running network here and yeah, that is enterprise ready. 
Note, I started 2 days ago with it, so before it's online.. 
Well, that will take a bit more time; I'm also adding why I do things a certain way. 

> If you are interested I try to publish my work now :
> https://github.com/prunkdump/sclustered
That looks interesting. 

> Maybe we can work together or exchange some part of our design. If
> you have a virtual machine emulator you can get my setup running in
> less than 30 minutes (I use puppet for configuration). If you want
> some info contact me by email.

Well, I never used puppet; I did have a look at that, but never tried it. 
It's on my list to learn, but atm time is not my friend. It does not happen often,
but I really have to do some work in the office..  :-( 

But sure, we can always share/exchange design/setup parts. 
Once I have written the setup of AD-DC + a DC join + a member,
then we could talk, because then you have 
what I use as base setup and the how and why I use that as base. 

So far,

> Regards,
> Baptiste.


