[Samba] idmap config ad
Harry Jede
walk2sun at arcor.de
Mon Jan 28 17:07:35 UTC 2019
Am 28.01.19 um 16:46 schrieb Viktor Trojanovic via samba:
> So, a few questions come to mind:
>
> - Did I miss something important?
> - When would you actually choose the rid backend over the ad one?
If you are to lazy or to busy to fill in all required unix attributes.
And yes, do not forget maintenance.
> - Can you mix the two, i.e. have rid on one member and ad on the other?
Do not do that! You wish to have consistence on all unix domain members.
So, choose one or the other.
> I assume that, even if possible, it wouldn't make sense since you
> already went through the trouble of creating the rfc2307 attributes,
> you may just as well use them on all members!
> - If you set up your member and came to the conclusion you needed the
> other backend, most likely from rid to ad, how would you switch?
The rid back end computes the uid and gid. As long as you setup
identical ranges in smb.conf on all unix members you get always the same
numbers which results in same rights.
If you do not forget the ranges in smb.conf you can manually compute
uid/gid numbers. The formula is in
man idmap_rid.
THE MAPPING FORMULAS
The Unix ID for a RID is calculated this way:
ID = RID - BASE_RID + LOW_RANGE_ID.
Correspondingly, the formula for calculating the RID for a given
Unix ID is this:
RID = ID + BASE_RID - LOW_RANGE_ID.
>
>
> Viktor
--
Harry Jede
More information about the samba
mailing list