[Samba] idmaps, again

Rowland Penny rpenny at samba.org
Thu Mar 21 21:42:00 UTC 2019

On Thu, 21 Mar 2019 22:34:02 +0100
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:

> Am 21.03.19 um 19:54 schrieb Rowland Penny via samba:
> > This is one of the decisions you have to make, do you want to have
> > the same ID's everywhere, or just on Unix domain members ?   
> We only have one Unix domain member aside from the DCs and that is the
> samba file server.
> > Do you want to
> > set different login shells and/or different home directories ?  
> nope
> the AD users don't do ssh or bash or so ... "only" file access and
> stuff like login/logout and GPOs etc
> (only I and the main admin there use ssh to the servers ...)

Then you don't really need to be using the 'ad' backend.

> > If you want the same ID's everywhere and the ability to set
> > different login shells/homedirectories for your users, then you
> > must use the 'ad' backend, this does involve adding uidNumber
> > attributes to the user objects. This is what the Unix Attributes
> > tab used to do.
> > 
> > If none of the above applies, then you can use the 'rid' backend,
> > this will give you the same ID's on all Unix domain members, but
> > all users that connect to the computer will get the same login
> > shell and homedirectory, you also will not have to add anything to
> > AD.  
> And is it possible to change the backend from ad to rid with
> reasonable effort?

Yes and then again no ;-)

Yes, it is easy to change from 'ad' to 'rid', but you would also have
to change the file ownerships as well.


More information about the samba mailing list