On 13/06/15 17:33, Jonathan Hunter wrote:
> Hi buhorojo,
>
> I *think* I have a stable system for the moment... so thank you :-)
>
> On 13 June 2015 at 12:50, buhorojo <buhorojo.lcb at gmail.com> wrote:
>>> I now set in smb.conf:
>>>
>>> server services = -dns +winbind -winbindd
>>>
>>> I stopped samba, then removed databases:
>>>
>>> # rm /usr/local/samba/var/cache/gencache.tdb \
>>> /usr/local/samba/var/lock/gencache_notrans.tdb \
>> Restore this:
>>> /usr/local/samba/private/idmap.ldb
> I have the following in smb.conf:
> server services = -dns +winbind -winbindd

this is also winbind:

> idmap_ldb:use rfc2307 = yes

Lose it.

> and no 'winbind' lines anywhere.
> - use rfc2307 UIDs (sadly, this is a must - I *wish* I could use some
> kind of algorithmic mapping, ideally sssd's logic, but any really!)

If you want consistency, you can't. You have to read nss information from the ad database. Anyway, well done:)

On 13 June 2015 at 16:42, buhorojo <buhorojo.lcb at gmail.com> wrote:
> On 13/06/15 17:33, Jonathan Hunter wrote:
>> I have the following in smb.conf:
>> server services = -dns +winbind -winbindd
>
> this is also winbind:
>>
>> idmap_ldb:use rfc2307 = yes
>
> Lose it.

Hmmm OK - what would tell samba to use rfc2307 in that case - would it do so automatically ??

>> and no 'winbind' lines anywhere.
>> - use rfc2307 UIDs (sadly, this is a must - I *wish* I could use some
>> kind of algorithmic mapping, ideally sssd's logic, but any really!)
>
> If you want consistency, you can't. You have to read nss information from
> the ad database. Anyway, well done:)

Yup. I was hoping that samba would be able to either use the rid mapping code (which I know it won't do, on a DC) or, even more far-fetched, use the algorithm used by sssd where a UID is picked based on the entire SID. Ah well.. :)

--
"If we knew what it was we were doing, it would not be called research, would it?"
- Albert Einstein

On 14/06/15 04:14, Jonathan Hunter wrote:
> On 13 June 2015 at 16:42, buhorojo <buhorojo.lcb at gmail.com> wrote:
>> On 13/06/15 17:33, Jonathan Hunter wrote:
>>> I have the following in smb.conf:
>>> server services = -dns +winbind -winbindd
>> this is also winbind:
>>> idmap_ldb:use rfc2307 = yes
>> Lose it.
> Hmmm OK - what would tell samba to use rfc2307 in that case - would it
> do so automatically ??

No. By removing this line, you are reverting to default values where the now obsolete winbind in the samba DC did nothing with rfc2307 information. The idmap_ldb:use was a not very elegant way of retrieving partial uid:gid information from the old winbind code that was part of the dc. As you have now found, winbindd is no more capable.

By using sssd, you have bypassed the bugs present in winbind and winbindd by simply not using either of them. And by so doing, turned your DC into a fully functioning file server. Just like windows server. Your next step is to cluster the file shares. Maybe you should ask, will we need dcs and file servers much longer? We'll _never_ go back!

>
>>> and no 'winbind' lines anywhere.
>>> - use rfc2307 UIDs (sadly, this is a must - I *wish* I could use some
>>> kind of algorithmic mapping, ideally sssd's logic, but any really!)
>> If you want consistency, you can't. You have to read nss information from
>> the ad database. Anyway, well done:)
> Yup. I was hoping that samba would be able to either use the rid
> mapping code (which I know it won't do, on a DC) or, even more
> far-fetched, use the algorithm used by sssd where a UID is picked
> based on the entire SID. Ah well.. :)
>