Web lists-archives.com

Re: [Samba] idmaps, again

On Thu, 21 Mar 2019 22:34:02 +0100
"Stefan G. Weichinger via samba" <samba@xxxxxxxxxxxxxxx> wrote:

> Am 21.03.19 um 19:54 schrieb Rowland Penny via samba:
> > This is one of the decisions you have to make, do you want to have
> > the same ID's everywhere, or just on Unix domain members ?   
> We only have one Unix domain member aside from the DCs and that is the
> samba file server.
> > Do you want to
> > set different login shells and/or different home directories ?  
> nope
> the AD users don't do ssh or bash or so ... "only" file access and
> stuff like login/logout and GPOs etc
> (only I and the main admin there use ssh to the servers ...)

Then you don't really need to be using the 'ad' backend.

> > If you want the same ID's everywhere and the ability to set
> > different login shells/homedirectories for your users, then you
> > must use the 'ad' backend, this does involve adding uidNumber
> > attributes to the user objects. This is what the Unix Attributes
> > tab used to do.
> > 
> > If none of the above applies, then you can use the 'rid' backend,
> > this will give you the same ID's on all Unix domain members, but
> > all users that connect to the computer will get the same login
> > shell and homedirectory, you also will not have to add anything to
> > AD.  
> And is it possible to change the backend from ad to rid with
> reasonable effort?

Yes and then again no ;-)

Yes, it is easy to change from 'ad' to 'rid', but you would also have
to change the file ownerships as well.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba