[Samba] Samba 4.10.6-1 Configuration on AIX

Rowland Penny rpenny at samba.org
Thu Feb 13 08:10:50 UTC 2020


On 13/02/2020 06:54, Bob Wyatt wrote:
> Rowland,
>
> If you were up for another hint at rid versus ad... I'd like to understand a bit more.
> With rid, I map the administrator to root only... no mapping of users in AIX.
> How does Samba figure out that bobw at mydomain.com should use the samba user ID bobwsmb?

It calculates the Unix user or group ID from the object's RID in AD, 
combined with the lower range number set in smb.conf.

For instance, the SID for Domain Admins will be in this format:

S-1-5-21-xxxxxxxxxx-yyyyyyyyyy-zzzzzzzzzz-512

The RID is the last set of numbers. For Domain Admins, this is always '512'.

The Unix ID is calculated like this:

ID = RID + LOW_RANGE_ID

So, if the lower range number is 10000, this becomes:

ID = 512 + 10000

Which is:

ID = 10512

For more info, read 'man idmap_rid'

>
> If I use ad, I would use rfc2307 attributes to address that (I think).

If you use idmap_rid and use the same smb.conf on all Unix computers, 
you will get the same Unix IDs everywhere, except on Samba AD DCs. To 
get the same Unix IDs everywhere, including Samba AD DCs, you must use 
idmap_ad and add uidNumber & gidNumber attributes to AD.

>
> It seems more "specific" to use ad, but that's more from the "having some control" viewpoint than anything else.
> Ideally, the customer would still strive for low administration, so is rid more suited for that approach than ad?
> What are the reasons to use or choose to avoid rid or ad?

Hopefully I have answered that above ;-)

Rowland
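
Added example, not part of the original message and not Samba's own code: a Python sketch of the `ID = RID + LOW_RANGE_ID` calculation described above, showing why two hosts whose smb.conf ranges differ end up with different Unix IDs for the same AD object. The domain name `MYDOMAIN`, the domain SID and both smb.conf fragments are constructed, and the sketch assumes an ID that falls above the top of the configured range is left unmapped.

```python
import re

# Constructed sample data: a made-up domain SID and smb.conf for a member server.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
SMB_CONF_A = """[global]
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config MYDOMAIN : backend = rid
    idmap config MYDOMAIN : range = 10000-999999
"""
# A second host whose admin picked a different lower range number.
SMB_CONF_B = SMB_CONF_A.replace("10000-999999", "20000-999999")

def rid_range(conf, domain):
    """Return (low, high) from 'idmap config DOMAIN : range = low-high'."""
    pat = rf"^\s*idmap config {re.escape(domain)}\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)"
    m = re.search(pat, conf, re.MULTILINE | re.IGNORECASE)
    if not m:
        raise ValueError(f"no idmap range configured for {domain}")
    low, high = int(m.group(1)), int(m.group(2))
    if low >= high:
        raise ValueError("range must be low-high with low < high")
    return low, high

def sid_to_unix_id(sid, domain_sid, low, high):
    """ID = RID + LOW_RANGE_ID; None if the SID is foreign or the ID overflows."""
    prefix, _, rid = sid.rpartition("-")
    if prefix != domain_sid or not rid.isdigit():
        return None  # not an object of this domain (e.g. BUILTIN S-1-5-32-544)
    unix_id = int(rid) + low
    return unix_id if unix_id <= high else None

def unix_id_to_sid(unix_id, domain_sid, low, high):
    """Reverse mapping: RID = ID - LOW_RANGE_ID, only for IDs inside the range."""
    if not low <= unix_id <= high:
        return None
    return f"{domain_sid}-{unix_id - low}"

if __name__ == "__main__":
    domain_admins = DOMAIN_SID + "-512"
    for host, conf in (("hostA", SMB_CONF_A), ("hostB", SMB_CONF_B)):
        low, high = rid_range(conf, "MYDOMAIN")
        print(host, sid_to_unix_id(domain_admins, DOMAIN_SID, low, high))
```

On a running member server, `wbinfo --sid-to-gid` and `wbinfo --sid-to-uid` report the IDs winbind actually assigned, which can be compared across hosts.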
