[Samba] Corruption of winbind cache after converting NT4 to AD domain
Michael Tokarev
mjt at tls.msk.ru
Sat Feb 12 12:04:55 UTC 2022
12.02.2022 12:30, Rowland Penny via samba wrote:
> On Sat, 2022-02-12 at 11:56 +0300, Michael Tokarev wrote:
>> Please note: I'm not arguing here, my intention is the understanding.
+++
Rowland, I really apprecate your explanations. And the only my intention
is to understand. But I still can not... :(
I see what you suggest, what you recommend to do/use. But why it is
incorrect to have local user AND the AD user (maybe after fixing the bug
in winbind from $subj which you say is not a bug)?
You're saying "stop thinking the old way". But it raises the same
question: why, what's wrong with the "old way" (besides the $subj)?
Why I can't have everything locally without relying on any external
networking services unless I actually come over network (from windows
machine)?
The corruption definitely can be fixed, this is not a question here
anymore. The argument that local user and AD user have different SIDs
is not valid either, we can make them the same.
But the main - conceptual - question is why we can't have local user
with "AD extensions", so to say, or "AD user" with "local extensions",
declaring them the SAME user? What's wrong with this *conceptually*?
Again, I'm not asking about personal preferences, but about the concept.
Maybe if this conceptual question is answered, everything else will
become much simpler...
Thanks,
/mjt
More information about the samba
mailing list