[Samba] Choosing a backend idmap and example scenarios for each one

Luis Peromarta lperoma at icloud.com
Thu Jun 20 05:23:39 UTC 2024


See

http://samba.bigbird.es/doku.php?id=samba:idmap-backends

LP
On 20 Jun 2024 at 01:13 +0100, Elias Pereira via samba <samba at lists.samba.org>, wrote:
> Thank you all!!!! Great content!!!
>
> Speaking of scenarios... What would be the best backend for?
>
> Scenario 1:
> 3 DCs and 1 fileserver
> 2800 users
>
> Scenario 2:
> 4 DCs and 2 fileservers
> 2800+ users
>
> On Sat, Jun 15, 2024 at 4:49 AM Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>
> > On Fri, 14 Jun 2024 17:32:30 -0300
> > Andreas Hasenack via samba <samba at lists.samba.org> wrote:
> >
> > > Hi,
> > >
> > > On Fri, Jun 14, 2024 at 4:44 PM Elias Pereira via samba <
> > > samba at lists.samba.org> wrote:
> > >
> > > > hi,
> > > >
> > > > Knowing the 3 idmap backends (ad, rid and autorid) available to
> > > > configure samba as a domain member, could you give examples of
> > > > scenarios in which each backend would be more suitable?
> > > >
> > > >
> > > I also wrote some documentation for the ubuntu server guide about
> > > this, recently. Here is one point of entry:
> > > https://ubuntu.com/server/docs/choosing-an-integration-method
> >
> > That first one doesn't even mention idmap_ad
> >
> > Why do you use the range 100000 - 199999 for the default '*' domain,
> > when this is meant for the Well Known SIDs and anything outside the
> > 'DOMAIN' domain (which really means '0')? There are fewer than 200 Well
> > Known SIDs.
> >
> > Wouldn't 'Not a member server' be better as 'Authentication
> > only' with the caveat that you only run Winbind for this (which is what
> > sssd really is)?
> >
> > The main difference between idmap_rid and idmap_autorid is that it is
> > easier to set up idmap_autorid, just two lines, but it will also suffer
> > from the same problem that sssd does, if a domain gets large enough,
> > you will get ID collisions.
> >
> > >
> > > Some more practical docs start here:
> > > https://ubuntu.com/server/docs/join-a-domain-with-winbind-preparation
> > > including a cross-forest example.
> >
> > Why does Ubuntu seem to require the hostname setting to a FQDN, but
> > Debian just requires the short hostname?
> >
> > Rowland
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
>
>
> --
> Elias Pereira
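Added example, not part of the thread and not Samba's own code: a small check of the idmap ranges planned for a domain member, using the idmap_rid formula from the idmap_rid(8) man page (ID = RID - BASE_RID + LOW_RANGE_ID). It flags overlapping ranges, where two SIDs could end up with the same Unix ID and therefore the same file ownership, and RIDs that no longer fit the range. The domain name EXAMPLE and every range except the 100000-199999 '*' range quoted above are constructed.

```python
from typing import NamedTuple, Optional


class IdmapRange(NamedTuple):
    domain: str  # '*' is the default domain
    low: int
    high: int


def overlapping(ranges):
    """Return (domain_a, domain_b) pairs whose Unix ID ranges intersect."""
    ordered = sorted(ranges, key=lambda r: r.low)
    hits = []
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if b.low <= a.high:
                hits.append((a.domain, b.domain))
    return hits


def rid_to_unix_id(rid: int, rng: IdmapRange, base_rid: int = 0) -> Optional[int]:
    """idmap_rid mapping: ID = RID - BASE_RID + LOW_RANGE_ID.

    Returns None when the result falls outside the configured range,
    i.e. the account cannot be mapped with this range.
    """
    if rid < base_rid:
        return None
    unix_id = rid - base_rid + rng.low
    return unix_id if unix_id <= rng.high else None


def max_mappable_rid(rng: IdmapRange, base_rid: int = 0) -> int:
    """Highest RID that still fits into the range."""
    return rng.high - rng.low + base_rid


# Constructed sample configurations (EXAMPLE is a hypothetical domain).
GOOD = [IdmapRange("*", 100000, 199999), IdmapRange("EXAMPLE", 200000, 299999)]
BAD = [IdmapRange("*", 100000, 199999), IdmapRange("EXAMPLE", 150000, 250000)]

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, "overlaps:", overlapping(cfg))
    domain = GOOD[1]
    print("highest mappable RID:", max_mappable_rid(domain))
    for rid in (1105, 99999, 100000):  # constructed RIDs
        print("RID", rid, "->", rid_to_unix_id(rid, domain))
```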

