[Samba] Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication

Goetz, Patrick G pgoetz at math.utexas.edu
Wed Jun 19 12:08:01 UTC 2019

On 6/19/19 2:16 AM, L.P.H. van Belle via samba wrote:
> So your admins dont know how to use RSAT, it that what your saying?
> Or are they just lazy..
> https://www.server-world.info/en/note?os=Windows_Server_2019&p=active_directory&f=12
> Its just a pain to register the used UID/GID numbers.

It's a bit more complicated than that.  There are about 50,000 students 
at any time at the university, with ~25% changing every year.  So in 
this case there are hundreds of thousands of user accounts that have to 
be managed indefinitely (because you can't just delete the account after 
students leave).  To manage this, the university has a central identity 
authority, and this is the source of the problem, in this case:  the 
users in the AD domain are episodically (daily) sourced from the 
identity authority, and the way they do this is to just flush the 
records and repopulate.  Even if we did add the POSIX stuff to the AD 
DB, it would get flushed on next reload.

But yeah, there's probably a way to work around this.  Wouldn't call it 
the greatest IT department, and getting steadily worse as they continue 
to low ball salaries and attempt to outsource everything to the cloud. 
In any case, it's not something I control or can do anything about.

More information about the samba mailing list