samba-users August 2010 archive
Main Archive Page > Month Archives  > samba-users archives
samba-users: Re: [Samba] id mapping

Re: [Samba] id mapping

From: Robert Freeman-Day <presgas_at_nospam>
Date: Tue Aug 24 2010 - 17:29:01 GMT
To: Greg Dickie <greg@justaguy.ca>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greg,

That may work for you as well, but I was actually referring to:
idmap backend = hash

That should be available in 3.5.4.

Robert

On 08/24/2010 11:10 AM, Greg Dickie wrote:
>
> Hi Robert,
>
> Thanks for the response. You are referring to
> idmap backend = rid
>
> correct?
>
> Greg
>
> On Tue, 2010-08-24 at 09:10 -0400, Robert Freeman-Day wrote:
> I have been the most happy with the hash idmap. It really is the least
> invasive and "just works" (does that need to be trademarked these
> days?). Since it hashes the SID with the same algorithm, all members
> get the same UID/GID mappings, which is a big win.
>
> Robert
>
> On 08/23/2010 05:21 PM, Greg Dickie wrote:
>>>> Hi,
>>>>
>>>> Today I'm trying to debug a problem on samba 3.5.4 where a domain
>>>> member server is having trouble mapping UIDs to SIDs. I must admit I
>>>> never really looked at this before as everything seemed to "just work".
>>>> Today I discovered that idmap backend on the PDC and the member server
>>>> were both defaulted to tdb. This means they have independent views of
>>>> UID to SID mappings I guess. That sucks. So I'm looking at the ldap
>>>> backend but I notice that it uses a special ou in the LDAP tree to store
>>>> mappings. Why do we need that if the sambaSamAccount schema also has
>>>> SIDs and UIDs for each user. Also, how is that tree populated?
>>>>
>>>> Looking at my PDC it seems to just pull everything out of gencache.tdb
>>>> or say that no mapping exists. Doing a tdbdump of winbind_idmap.tdb
>>>> shows only a few entries. This seems to be more complicated than I
>>>> expected. I'm sorry if this is a silly question but what am I doing
>>>> wrong?
>>>>
>>>> Thanks a lot,
>>>> Greg
>>>>
>>>>
>
>

- --
________

Robert Freeman-Day

https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkx0AV0ACgkQup357T5MfTbW+gCbBWbdjCMcwl0wI3VWNJqdsFpV
gq4AnimntaTY46H1g7PKJ97knra7VvtV
=/5Jb
-----END PGP SIGNATURE-----
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba