[Samba] Issues with FLOCK on NFS Share
Rowland penny
rpenny at samba.org
Mon Jul 6 19:02:32 UTC 2020
On 06/07/2020 19:22, Christopher Cox via samba wrote:
> On 7/6/20 1:09 PM, Rowland penny via samba wrote:
>
> I understand where you're coming and tried to mention that mindset in
> what I wrote. You're assumption is that there is a "single
> controller", and for you it's Samba with RFC2307 attributes, but a lot
> of what I said still applies to
> that exact scenario. Unless you're ready to take nsswitch.conf to
> only having winbind (and search nothing else) and you're prepared to
> own the PAM stack.
> True? But I will tell you, that even with those extremes, the battle
> isn't easily won
No, you missed this: you just need to setup the OS and Samba correctly
Local system users and groups use ID's in the 0-999 range
Normal local Unix ID's start at 1000, so as long as you leave a small
range above this number, you shouldn't have a problem.
On the Samba wiki it is suggested that you use the range 3000-7999 for
'*' domain (this is for the Windows Well Known SID's and anything
outside the main domain). This would allow you to have 1999 local Unix
users (not that you need anything like this number, as all AD users can
be mapped to Unix users)
The wiki then suggests starting the DOMAIN users and groups at 10000
(which is what ADUC used), The only problem is on Debian based OS's and
this is from their use of 65534 for nobody & nogroup (and this can be
worked around).
So, as I said, configure Samba and your Linux OS correctly and you will
not have a problem.
Rowland
More information about the samba
mailing list