[Samba] idmap config ad

Harry Jede walk2sun at arcor.de
Mon Jan 28 17:07:35 UTC 2019

Am 28.01.19 um 16:46 schrieb Viktor Trojanovic via samba:
> So, a few questions come to mind:
> - Did I miss something important?
> - When would you actually choose the rid backend over the ad one?

If you are to lazy or to busy to fill in all required unix attributes. 
And yes, do not forget maintenance.

> - Can you mix the two, i.e. have rid on one member and ad on the other? 

Do not do that! You wish to have consistence on all unix domain members. 
So, choose one or the other.

> I assume that, even if possible, it wouldn't make sense since you 
> already went through the trouble of creating the rfc2307 attributes, 
> you may just as well use them on all members!

> - If you set up your member and came to the conclusion you needed the 
> other backend, most likely from rid to ad, how would you switch?

The rid back end computes the uid and gid. As long as you setup 
identical ranges in smb.conf on all unix members you get always the same 
numbers which results in same rights.

If you do not forget the ranges in smb.conf you can manually compute 
uid/gid numbers. The formula is in

man idmap_rid.

        The Unix ID for a RID is calculated this way:

                           ID = RID - BASE_RID + LOW_RANGE_ID.

        Correspondingly, the formula for calculating the RID for a given 
Unix ID is this:

                           RID = ID + BASE_RID - LOW_RANGE_ID.

> Viktor 

Harry Jede

More information about the samba mailing list