[Samba] odd UID behaviour in Linux hosts connected to Samba AD

Rowland Penny rpenny at samba.org
Thu Jan 16 16:50:08 UTC 2025


On Thu, 16 Jan 2025 16:13:40 +0000
Luis Peromarta via samba <samba at lists.samba.org> wrote:

> It took me a few hours to put these together, hopefully it is useful to
> you:
> 
> http://samba.bigbird.es/doku.php?id=samba:idmap-backends
> 
> http://samba.bigbird.es/doku.php?id=samba:no-need-for-use-rfc2307
> 
> http://samba.bigbird.es/doku.php?id=samba:more-idmapping-notes
> 


Those are very good, I might have worded some of the first one a bit
differently, people have been known to mis-class connecting to a share
as logging in, for instance.

You also have this in the second one:

You need users to log in (ssh) to the DC with different home folders or
shells.

There is no way to give users logging into a DC different shells or
home directory paths, not even if you use the rfc2307 attributes. A DC
only reads uidNumber & gidNumber attributes from AD.

You also do not mention that if you join an additional DC, it doesn't
get 'idmap_ldb:use rfc2307 = yes' in its smb.conf, not even if the other
DC(s) have it, you have to manually add it.

Rowland
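
A check for the last point in the message above, as an added example that is not part of the original post: it compares the [global] sections of several DCs' smb.conf files and lists the DCs where 'idmap_ldb:use rfc2307' is not enabled while another DC has it. The hostnames and file contents are constructed, and the parser is a simplified stand-in, not Samba's own.

```python
import re

TRUE_VALUES = {"yes", "true", "on", "1"}
DC_ROLE = "active directory domain controller"
OPTION = "idmap_ldb:use rfc2307"

def parse_global(text):
    """Return the [global] parameters of an smb.conf text as a dict.
    Simplified: names lower-cased, whitespace runs collapsed, '#'/';' comments."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[re.sub(r"\s+", " ", name.strip().lower())] = value.strip()
    return params

def dcs_missing_rfc2307(configs):
    """Given {hostname: smb.conf text}, return the DCs where the option is
    not enabled while at least one other DC in the set has it enabled."""
    enabled, not_enabled = [], []
    for host, text in configs.items():
        g = parse_global(text)
        if g.get("server role", "").lower() != DC_ROLE:
            continue                     # this check is only about DCs
        on = g.get(OPTION, "").lower() in TRUE_VALUES
        (enabled if on else not_enabled).append(host)
    return sorted(not_enabled) if enabled else []

# Constructed sample: dc1 has the option, dc2 was joined later without it.
SAMPLE = {
    "dc1": "[global]\n  server role = active directory domain controller\n"
           "  idmap_ldb:use rfc2307 = yes\n",
    "dc2": "[global]\n  server role = active directory domain controller\n",
    "member1": "[global]\n  server role = member server\n",
}

if __name__ == "__main__":
    print(dcs_missing_rfc2307(SAMPLE))
```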


