Web lists-archives.com

Re: [Samba] Slow, Incorrect Group Resolution through Winbind

On Wed, 13 Sep 2017 12:37:17 -0400
Sonic <sonicsmith@xxxxxxxxx> wrote:

> On Wed, Sep 13, 2017 at 12:22 PM, Rowland Penny via samba
> <samba@xxxxxxxxxxxxxxx> wrote:
> > For the 'DOMAIN' domain you can use several different backends
> > (rid, ad etc) but I wouldn't use the tdb backend, how are you going
> > to be sure you will get the same IDs on all Unix machines ?
> That's exactly why I personally use rid for the DOMAIN domain.
> However, you seemed to suggest that my post was incorrect because I
> left the OP's desired backend (not my choice) in place during my
> reply, which still, as far as I can tell, is not an incorrect
> configuration via the info in the man page. If indeed my answer was
> incorrect than the man page needs some updating.
> Chris

You posted:

Should be more like:
         idmap config STUDENTS : range = 16777216-33554431
         idmap config STUDENTS : backend = tdb

And, yes the smb.conf manpage does say this:

These are suitable for use in the default idmap configuration.

and refer to tdb,tdb2 and ldap. I wouldn't use any of these on a Unix
domain member, because the manpage also says this:

these create mappings of their own using internal unixid counters and
store the mappings in a database.

This means there is no way to ensure that users and groups will get the
same ID on different Unix domain members.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba