[Samba] Unable to map AD Users to existing local Unix users since 4.8.x
Crispin.Bivans at vwcredit.com
Thu Jun 4 20:22:21 UTC 2020
>> Can you point me to a Release Changes note that says explicitly that Winbind is now required or that mapping of AD users to local unix accounts has been removed?
>Yes, see here:
>Samba did a lot of things back in the NT4-style domain days, some of
>which dragged into the start of the AD client setups, quite a few of
>them were not really a good idea.
Thanks Rowland for the reference, that clears up a lot.
Is there a idmap engine or other settings that maps AD users to local ID numbers?
We don't manage Windows accounts or groups so it'll be challenge to coordinate and get buy in by the Win Admins, to the Winbind model when we are asking them to do more work. And there is still no great solution for the primary group dilemma I first wrote about in the chain (i.e. same user on multiple systems may get a different primary group used for that system).
More information about the samba