Web lists-archives.com

Re: [Samba] Slow, Incorrect Group Resolution through Winbind




On Wed, 13 Sep 2017 11:58:27 -0400
Sonic <sonicsmith@xxxxxxxxx> wrote:

> On Wed, Sep 13, 2017 at 11:32 AM, Rowland Penny via samba
> <samba@xxxxxxxxxxxxxxx> wrote:
> > On Wed, 13 Sep 2017 11:18:59 -0400
> > Sonic via samba <samba@xxxxxxxxxxxxxxx> wrote:
> >
> >> Should be more like:
> >>          idmap config STUDENTS : range = 16777216-33554431
> >>          idmap config STUDENTS : backend = tdb
> >>
> >> ...plus something like:
> >>          idmap config * : range = 10000-20000
> >>          idmap config * : backend = tdb
> >> ... using a different range than configured for STUDENTS.
> >>
> >> Again "man smb.conf" is your friend.
> >
> > Obviously not, from the above ;-)
> >
> > I would expect something like:
> >
> >         idmap config * : backend = tdb
> >         idmap config * : range = 3000-7999
> >         idmap config STUDENTS : backend = rid
> >         idmap config STUDENTS : range = 16777216-33554431
> >
> 
> Are you stating that only one assignment of tdb can be defined? I use
> the rid backend for the domains that are hosted on another server but
> wasn't sure whether or not multiple tdb backend assignments were
> allowed. Although I've never tried it, the man page does not appear to
> state that tdb cannot be used for multiple backends. But I'm reading
> the man page for 4.7.0rc5 which may be different.
> 
> Chris

For the '*' domain you should only the tdb backend (note, you cannot
use the rid backend).

For the 'DOMAIN' domain you can use several different backends (rid, ad
etc) but I wouldn't use the tdb backend, how are you going to be sure
you will get the same IDs on all Unix machines ?
If you use the 'rid' backend and the same range on all Unix machines,
you will get the same IDs without having to add anything to AD.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba