[Samba] idmaps, again
Rowland Penny
rpenny at samba.org
Thu Mar 21 21:42:00 UTC 2019
On Thu, 21 Mar 2019 22:34:02 +0100
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
> Am 21.03.19 um 19:54 schrieb Rowland Penny via samba:
>
> > This is one of the decisions you have to make, do you want to have
> > the same ID's everywhere, or just on Unix domain members ?
>
> We only have one Unix domain member aside from the DCs and that is the
> samba file server.
>
> > Do you want to
> > set different login shells and/or different home directories ?
>
> nope
>
> the AD users don't do ssh or bash or so ... "only" file access and
> stuff like login/logout and GPOs etc
>
> (only I and the main admin there use ssh to the servers ...)
Then you don't really need to be using the 'ad' backend.
>
> > If you want the same ID's everywhere and the ability to set
> > different login shells/homedirectories for your users, then you
> > must use the 'ad' backend, this does involve adding uidNumber
> > attributes to the user objects. This is what the Unix Attributes
> > tab used to do.
> >
> > If none of the above applies, then you can use the 'rid' backend,
> > this will give you the same ID's on all Unix domain members, but
> > all users that connect to the computer will get the same login
> > shell and homedirectory, you also will not have to add anything to
> > AD.
>
> And is it possible to change the backend from ad to rid with
> reasonable effort?
Yes and then again no ;-)
Yes, it is easy to change from 'ad' to 'rid', but you would also have
to change the file ownerships as well.
Rowland
More information about the samba
mailing list