[Samba] idmaps, again
Rowland Penny
rpenny at samba.org
Thu Mar 21 18:54:26 UTC 2019
On Thu, 21 Mar 2019 19:31:01 +0100
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
> Today a topic popped up again, which I already wrote about in this
> thread a while ago:
>
> https://groups.google.com/forum/#!topic/linux.samba/w2B-0bRy9_0
>
> Creating new users via ADUC under Windows10 still gives us users with
> missing attributes like uidNumber etc
>
> As far as I understand, this simply doesn't work with Win10, related
> to
>
> https://wiki.samba.org/index.php/Installing_RSAT#Missing_Unix_Attributes_tab_in_ADUC_on_Windows_10_and_Windows_Server_2016
>
> ?
>
> What are my options here?
>
> So far we created users on the shell, via samba-tool. Now there is a
> junior admin on site and it would be nice to be able to use ADUC as
> well.
>
> Is it possible/reasonable to fiddle with the ID mapping? Swap the
> backend?
>
> We have 2 samba DCs and one samba DM there (4.9.x currently), about 50
> users in AD (and in turn maybe 30-40 windows machines as well), if
> that is relevant in any way.
>
> Sorry for still not having fully understood these mapping issues ...
>
This is one of the decisions you have to make, do you want to have the
same ID's everywhere, or just on Unix domain members ? Do you want to
set different login shells and/or different home directories ?
If you want the same ID's everywhere and the ability to set different
login shells/homedirectories for your users, then you must use the 'ad'
backend, this does involve adding uidNumber attributes to the user
objects. This is what the Unix Attributes tab used to do.
If none of the above applies, then you can use the 'rid' backend, this
will give you the same ID's on all Unix domain members, but all users
that connect to the computer will get the same login shell and
homedirectory, you also will not have to add anything to AD.
Rowland
More information about the samba
mailing list