Web lists-archives.com

Re: [Samba] Slow, Incorrect Group Resolution through Winbind




On Wed, 13 Sep 2017 12:55:58 -0400
Sonic <sonicsmith@xxxxxxxxx> wrote:

> On Wed, Sep 13, 2017 at 12:49 PM, Rowland Penny via samba
> <samba@xxxxxxxxxxxxxxx> wrote:
> > And, yes the smb.conf manpage does say this:
> >
> > These are suitable for use in the default idmap configuration.
> >
> > and refer to tdb,tdb2 and ldap. I wouldn't use any of these on a
> > Unix domain member, because the manpage also says this:
> >
> > these create mappings of their own using internal unixid counters
> > and store the mappings in a database.
> >
> > This means there is no way to ensure that users and groups will get
> > the same ID on different Unix domain members.
> 
> I'm the first to agree that using tdb for the DOMAIN domain is not
> ideal. However, it is not invalid (as far as I can tell from the
> documentation).
> 
> Chris

I am not saying it is invalid, I am just saying you should not use them
for the 'DOMAIN' backend because you have no way to get consistent IDs.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba