Re: [Samba] winbind causing huge timeouts/delays since 4.8

On Tue, Feb 26, 2019 at 01:32:51PM +0000, Rowland Penny wrote:
On Tue, 26 Feb 2019 12:49:42 +0100 Ralph Böhme  wrote:
On Tue, Feb 26, 2019 at 12:45:45PM +0100, Björn JACKE via samba wrote:
>To reflect the fact that the owner can be a group also, winbind
>can assign both a mapped uid number and a gid number for Windows
>users and groups, both uid and gid have the same value and are the
>xid. That way Samba can also assign the ownership of files to a
>group. The idmap backend has to be able to support XID though, not
>all idmap backends do so.

in particular idmap_autorid, idmap_rid and idmap_script support this
so called mode, idmap_ad doesn't.

I take it that xid is used internally by Samba to identify calculated
ID's, because the only place a normal user will come across them is in
idmap.ldb. If this is correct, then it doesn't really matter that
idmap_ad doesn't support them, because uidNumber & gidNumber replaces

Iirc it matters: I guess SID history will not work with idmap_ad.

From a users point of view, the only way to get an experience similar
to Windows is to use idmap_ad.

From a certain perspective: maybe. But that's a generalisation, I wouldn't go
over that bridge.

Again: for many fileserver scenarios you're better using idmap_autorid.


