Hi, I recently upgraded from 4.1.17 to 4.3.1. I thought that the winbindd daemon for AD included since 4.2 would allow proper and complete winbind operation as in member servers, but that doesn't seem to be the case. In particular, I want consistent UIDs on DCs for files created within Windows (so I can avoid the "somehow keep idmap.ldb in sync between DCs" hell). I made several tests but winbindd on the DC doesn't seem to be honouring the idmap directives on smb.conf and still relies on the XIDs provided by idmap.ldb Am I missing something? Is this by design? Best regards, George
On 13/12/15 05:07, George wrote:> Hi, > > I recently upgraded from 4.1.17 to 4.3.1. > > I thought that the winbindd daemon for AD included since 4.2 would allow > proper and complete winbind operation as in member servers, but that > doesn't seem to be the case. > > In particular, I want consistent UIDs on DCs for files created within > Windows (so I can avoid the "somehow keep idmap.ldb in sync between DCs" > hell). I made several tests but winbindd on the DC doesn't seem to be > honouring the idmap directives on smb.conf and still relies on the XIDs > provided by idmap.ldb > > Am I missing something? Is this by design? > > Best regards, > GeorgeYes, this is how it works at the moment, if you want your users & groups to have the same IDs everywhere, you will have to add uidNumber & gidNumber attributes to your users & groups. Adding the member server 'idmap config' lines to a DC smb.conf will have no effect. Rowland
On Sun, Dec 13, 2015 at 6:05 AM, Rowland penny <rpenny at samba.org> wrote:> On 13/12/15 05:07, George wrote: > >> Hi, >> >> I recently upgraded from 4.1.17 to 4.3.1. >> >> I thought that the winbindd daemon for AD included since 4.2 would allow >> proper and complete winbind operation as in member servers, but that >> doesn't seem to be the case. >> >> In particular, I want consistent UIDs on DCs for files created within >> Windows (so I can avoid the "somehow keep idmap.ldb in sync between DCs" >> hell). I made several tests but winbindd on the DC doesn't seem to be >> honouring the idmap directives on smb.conf and still relies on the XIDs >> provided by idmap.ldb >> >> Am I missing something? Is this by design? >> >> Best regards, >> George >> > > Yes, this is how it works at the moment, if you want your users & groups > to have the same IDs everywhere, you will have to add uidNumber & gidNumber > attributes to your users & groups. > > Adding the member server 'idmap config' lines to a DC smb.conf will have > no effect. > > Rowland > >Thanks for the clarification. Do you know if this is planned for some future release? Best regards