[Samba] Choosing a backend idmap and example scenarios for each one

Elias Pereira empbilly at gmail.com
Thu Jun 20 00:12:40 UTC 2024


Thank you all!!!! Great content!!!

Speaking of scenarios... What would be the best backend for the following?

Scenario 1:
3 DCs and 1 fileserver
2800 users

Scenario 2:
4 DCs and 2 fileservers
2800+ users

On Sat, Jun 15, 2024 at 4:49 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Fri, 14 Jun 2024 17:32:30 -0300
> Andreas Hasenack via samba <samba at lists.samba.org> wrote:
>
> > Hi,
> >
> > On Fri, Jun 14, 2024 at 4:44 PM Elias Pereira via samba <
> > samba at lists.samba.org> wrote:
> >
> > > hi,
> > >
> > > Knowing the 3 idmap backends (ad, rid and autorid) available to
> > > configure samba as a domain member, could you give examples of
> > > scenarios in which each backend would be more suitable?
> > >
> > >
> > I also wrote some documentation for the ubuntu server guide about
> > this, recently. Here is one point of entry:
> > https://ubuntu.com/server/docs/choosing-an-integration-method
>
> That first one doesn't even mention idmap_ad.
>
> Why do you use the range 100000 - 199999 for the default '*' domain,
> when this is meant for the Well Known SIDs and anything outside the
> 'DOMAIN' domain (which really means '0')? There are fewer than 200 Well
> Known SIDs.
>
> Wouldn't 'Not a member server' be better as 'Authentication
> only' with the caveat that you only run Winbind for this (which is what
> sssd really is)?
>
> The main difference between idmap_rid and idmap_autorid is that it is
> easier to set up idmap_autorid, just two lines, but it will also suffer
> from the same problem that sssd does, if a domain gets large enough,
> you will get ID collisions.
>
> >
> > Some more practical docs start here:
> > https://ubuntu.com/server/docs/join-a-domain-with-winbind-preparation
> > including a cross-forest example.
>
> Why does Ubuntu seem to require the hostname setting to a FQDN, but
> Debian just requires the short hostname?
>
> Rowland


-- 
Elias Pereira
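
An added example, not from the thread or the Samba project: a check that the `idmap config` ranges in an smb.conf do not overlap, plus the idmap_rid mapping formula from its man page (ID = RID - BASE_RID + LOW_RANGE_ID). The EXAMPLE domain, its range and the function names are assumptions; the '*' range is the one quoted above.

```python
import re

# Constructed smb.conf fragment (not from the thread). The '*' range is the
# one quoted in the thread; the EXAMPLE domain and its range are assumptions.
SAMPLE_SMB_CONF = """
[global]
    idmap config * : backend = tdb
    idmap config * : range = 100000-199999
    idmap config EXAMPLE : backend = rid
    idmap config EXAMPLE : range = 150000-999999
"""

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {"backend": str, "range": (low, high)}} from smb.conf text."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if not m:
            continue
        domain, key, value = m.group(1), m.group(2).lower(), m.group(3)
        entry = domains.setdefault(domain, {})
        if key == "range":
            low, high = (int(x) for x in value.split("-"))
            entry["range"] = (low, high)
        else:
            entry[key] = value
    return domains

def overlapping_ranges(domains):
    """List pairs of domains whose ID ranges intersect (a source of ID collisions)."""
    items = sorted((d["range"], name) for name, d in domains.items() if "range" in d)
    clashes = []
    for i, ((lo_a, hi_a), a) in enumerate(items):
        for (lo_b, hi_b), b in items[i + 1:]:
            if lo_b <= hi_a:  # items are sorted by low bound, so this means overlap
                clashes.append((a, b))
    return clashes

def rid_to_unix_id(rid, low, high, base_rid=0):
    """idmap_rid formula: ID = RID - BASE_RID + LOW_RANGE_ID; None if outside the range."""
    unix_id = rid - base_rid + low
    return unix_id if low <= unix_id <= high else None
```

With the sample fragment, `overlapping_ranges(parse_idmap(SAMPLE_SMB_CONF))` reports the `*` and `EXAMPLE` ranges as clashing; moving the domain range to start at 200000 clears it.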

