[Samba] Corruption of winbind cache after converting NT4 to AD domain

Michael Tokarev mjt at tls.msk.ru
Sat Feb 12 12:04:55 UTC 2022

12.02.2022 12:30, Rowland Penny via samba wrote:
> On Sat, 2022-02-12 at 11:56 +0300, Michael Tokarev wrote:
>> Please note: I'm not arguing here, my intention is the understanding.

Rowland, I really apprecate your explanations. And the only my intention
is to understand.  But I still can not... :(

I see what you suggest, what you recommend to do/use.  But why it is
incorrect to have local user AND the AD user (maybe after fixing the bug
in winbind from $subj which you say is not a bug)?

You're saying "stop thinking the old way". But it raises the same
question: why, what's wrong with the "old way" (besides the $subj)?
Why I can't have everything locally without relying on any external
networking services unless I actually come over network (from windows

The corruption definitely can be fixed, this is not a question here
anymore. The argument that local user and AD user have different SIDs
is not valid either, we can make them the same.

But the main - conceptual - question is why we can't have local user
with "AD extensions", so to say, or "AD user" with "local extensions",
declaring them the SAME user? What's wrong with this *conceptually*?

Again, I'm not asking about personal preferences, but about the concept.

Maybe if this conceptual question is answered, everything else will
become much simpler...



More information about the samba mailing list