Web lists-archives.com

Re: [Samba] idmaps, again




On Thu, 21 Mar 2019 22:34:02 +0100
"Stefan G. Weichinger via samba" <samba@xxxxxxxxxxxxxxx> wrote:

> Am 21.03.19 um 19:54 schrieb Rowland Penny via samba:
> 
> > This is one of the decisions you have to make, do you want to have
> > the same ID's everywhere, or just on Unix domain members ?   
> 
> We only have one Unix domain member aside from the DCs and that is the
> samba file server.
> 
> > Do you want to
> > set different login shells and/or different home directories ?  
> 
> nope
> 
> the AD users don't do ssh or bash or so ... "only" file access and
> stuff like login/logout and GPOs etc
> 
> (only I and the main admin there use ssh to the servers ...)

Then you don't really need to be using the 'ad' backend.

> 
> > If you want the same ID's everywhere and the ability to set
> > different login shells/homedirectories for your users, then you
> > must use the 'ad' backend, this does involve adding uidNumber
> > attributes to the user objects. This is what the Unix Attributes
> > tab used to do.
> > 
> > If none of the above applies, then you can use the 'rid' backend,
> > this will give you the same ID's on all Unix domain members, but
> > all users that connect to the computer will get the same login
> > shell and homedirectory, you also will not have to add anything to
> > AD.  
> 
> And is it possible to change the backend from ad to rid with
> reasonable effort?

Yes and then again no ;-)

Yes, it is easy to change from 'ad' to 'rid', but you would also have
to change the file ownerships as well.

Rowland
 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba