Web lists-archives.com

Re: [Samba] [samba] Winbindd without RFC2307 question




2017-07-19 23:04 GMT+02:00 Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>:

> On Wed, 19 Jul 2017 22:27:55 +0200
> Emmanuel Blindauer via samba <samba@xxxxxxxxxxxxxxx> wrote:
>
> > On 19/07/2017 16:54, mathias dufresne via samba wrote:
> > > Thank you both for your replies. Unfortunately I will not be able
> > > to use rfc2307 and then uidNumber and co until they modify their
> > > AD. It would perhaps be done soon but for now, no real idea.
> > >
> > > So back to Rowland's proposition to use "rid" backend rather than
> > > "ad" backend for idmap configuration.
> > > To switch from "ad" to "rid" idmap backend I just changed :
> > > idmap config CENTORIAL:backend = ad
> > > into
> > > idmap config CENTORIAL:backend = rid
> > >
> > > Then I reload everything with "smbcontrol all reload-config"
> > >
> > > To finally test all that with "id username" which wasn't working.
> > >
> > > I just restart the samba processes (systemctl restart blablabla)
> > > and all went well.
> > >
> > > Thank you again :)
> > >
> > > Have a nice day all,
> > >
> > > mathias
> > there is also a recent  idmap_nss which can be a solution if you have
> > another way to manage uidNumber while keeping cn=uid
> >
>

Thank you for the hint but with idmap_rid it seems I've got what I need.
Now I'm looking for a way to reproduce UID/GID from the old Samba server on
the new one (we're migrating some files server).
Extracting UID/GID for each file is easy, using that to produce a list of
all users with username uid and gid is then quite simple.

The difficulty would be to insert all these username:uid:gid into the RID
database of the new Samba server... Using RFC2307 would be so much easier...


>
> The whole idea behind AD is to have a central store for users and
> groups. Using idmap_nss will go back to the old way of doing things,
> because you need users on the fileserver and in AD, if you have
> multiple fileservers, you will need the user on all of them.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba