[Samba] Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication
Goetz, Patrick G
pgoetz at math.utexas.edu
Wed Jun 19 12:08:01 UTC 2019
On 6/19/19 2:16 AM, L.P.H. van Belle via samba wrote:
>
> So your admins dont know how to use RSAT, it that what your saying?
> Or are they just lazy..
>
> https://www.server-world.info/en/note?os=Windows_Server_2019&p=active_directory&f=12
> Its just a pain to register the used UID/GID numbers.
>
It's a bit more complicated than that. There are about 50,000 students
at any time at the university, with ~25% changing every year. So in
this case there are hundreds of thousands of user accounts that have to
be managed indefinitely (because you can't just delete the account after
students leave). To manage this, the university has a central identity
authority, and this is the source of the problem, in this case: the
users in the AD domain are episodically (daily) sourced from the
identity authority, and the way they do this is to just flush the
records and repopulate. Even if we did add the POSIX stuff to the AD
DB, it would get flushed on next reload.
But yeah, there's probably a way to work around this. Wouldn't call it
the greatest IT department, and getting steadily worse as they continue
to low ball salaries and attempt to outsource everything to the cloud.
In any case, it's not something I control or can do anything about.
More information about the samba
mailing list