[Samba] DNS problems (still) with Linux domain members - using Samba's internal DNS backend

[Rowland Penny]

On 27/04/2023 01:37, Gary Dale via samba wrote:

> 
> Neither actually addresses the question I raised. Apart from the 
> administrative policy of using AD for account maintenance, why not use, 
> for example, 100 as the <gid> or 1000 as a <uid>? If I have to set the 
> ids manually, I should be able to keep track of them more easily when 
> they are smaller numbers....  Or do you need to use large enough numbers 
> so that all the ideas you may ever create will be the same length?

If you have read the first page I pointed you to, you would have found this:

As you can see from the above, if you are creating a new domain, you 
shouldn't set either the default domain '*' or the 'SAMDOM' ranges to 
start at 999 or less, as they would interfere with the local system 
users & groups.

It then goes on to say:

You also should leave a space for any local Unix users & groups, so 
starting the 'idmap config' ranges at 3000 seems to be a good compromise.

Local Linux users & groups are just that, LOCAL and shouldn't take part 
in AD.

> 
> Or why not use autorid?

You can use autorid, but it is really meant for multiple domains, you 
cannot use 'winbind use default domain = yes' with it and you will get 
different Linux ID's on every Unix domain member you run it on.
If you do not wish to add anything extra to AD, then I suggest you use 
the 'rid' backend, you can use 'winbind use default domain = yes' and, 
provided you use the same basic smb.conf on all Unix domain members, you 
will get the same ID's.

> 
> Another issue that isn't addressed with instructions and an example is 
> the adding of a GID to the standard domain groups. It seems to be 
> necessary but the only example doesn't seem to deal with it. An example 
> showing adding a GID to Domain Users, for example would be helpful.
>

samba-tool comes with help, try running 'samba-tool user create --help' 
or 'samba-tool user addunixattrs --help'

Rowland