Web lists-archives.com

Re: [Samba] ACL SHARE

On Thu, 29 Jun 2017 14:30:05 -0500
Andrew Walker via samba <samba@xxxxxxxxxxxxxxx> wrote:

> On Tue, Jun 27, 2017 at 3:29 PM, Rowland Penny via samba <
> samba@xxxxxxxxxxxxxxx> wrote:
> >
> > I would tend to agree, if you only have one or two fileservers, you
> > can use the 'rid' backend, any more than that, use the 'ad'
> > backend. If you use a DC as a fileserver (not really recommended,
> > but sometimes you have to) use the 'ad' backend.
> >
> > Rowland
> >
> A bit off topic, but I'm curious about why you advise not using the
> idmap_rid backend if you have more than one or two servers. Is this
> for simplicity in administration (i.e. not having to configure idmap
> ranges) or is there something about idmap_rid that makes it somewhat
> undesirable in such scenarios?
> Andrew

OK, if you use the 'rid' backend, you need to use the same smb.conf on
all of them. You can if you so wish, use 'rid' on more than two
servers, but it can get confusing. 

Using the 'ad' backend means that users and groups are certain to get
the same IDs everywhere or they will be ignored if the range is set
incorrectly on a particular Samba server. It also means that you can
easily sync files between servers and be certain that they will still
be owned by the correct user.

When it comes down to it, it is YOUR domain and you can use which ever
winbind backend you like, my preferences are above, but you don't
have to follow them ;-)


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba