[Samba] uidNumber=RID allowed or not recommended?
Ralf Spenneberg (Samba)
maillist at spenneberg.de
Fri Mar 1 12:05:35 UTC 2019
Hi,
the samba documentation concerning the migration of a Samba NT4 domain
to AD
(https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade))
mentions in section "Important Notes":
It used to be thought that using Windows RIDs for Unix IDs was
acceptable, time has proven otherwise.
But unfortunately no reasoning is given. I am wondering why this is not
recommended.
We are currently planning such a migration. Unfortunately we have to set
the uidNumber=RID for all users. Currently around half the users have
this setting based on LDAP. This is required so that a third party
application will work after the migration. This third party application
is samba aware but when using Samba NT4 style domains the application
uses the uidnumber for internal identification and when using AD style
domains the RID is used. The migration will therefore screw the internal
identification of the users when migrating.
We did not encounter any problems with those users currently using
uidNumber=RID and would like to modify the other users as well.
I am aware of the fact, that we need to adapt the local privileges on
the Samba fileservers as well.
Any hints or ideas are welcome.
Kind regards,
Ralf
More information about the samba
mailing list