[Samba] AD backend migration

Vaughan, Robert J vaughar2 at gdls.com
Thu Nov 24 15:53:48 UTC 2022

Hello Samba list,

Currently we have AD member servers that find UNIX user uid and gid via LDAP.

With the requirement to run winbind on member servers on newer versions of Samba, I suppose this should still work with idmap backend 'nss'.

But we are planning to move to using AD for our UNIX info.

The corp assigns UNIX uids.

We have a corp AD realm (if that is the right word) which is, say, X.com, and then two sites, A.X.com and B.X.com.

So if we use idmap backend 'ad' we must use the same range for each of A.X.com and B.X.com, since the uids for users of both sites are unique but interspersed.

This seems to be allowed and works for tests but it does note this overlap in the logs - is this a concern?

There are users in B.X.com that access shares in A.X.com.

We do run sssd on the Linux member servers too (for the LDAP currently), but when we move to AD should this be disabled on member servers?


Robert Vaughan
