Better Posix AD

From SambaWiki
Revision as of 01:10, 27 January 2018 by Abartlet


Background

When setting up Samba as an AD DC for Linux and other POSIX clients, some things are not as simple as they could be.

IDMAP

A user on a POSIX system needs a uid and gid value.

Possible solutions

Samba should set a uidNumber and gidNumber on the directory entry when the user or group is created. Additionally, the schema should be extended to indicate that the uidNumber is actually IDMAP_BOTH, that is, able to be expressed as a GID for ACLs.

This should be allocated via winbind, so that the administrator has control; however, a new default should be created to use the SSSD idmap algorithm.

For RID-based algorithms, the base values for the domain should be stored in the trustPosixOffset value of the domain trust entry so that they run on each host autonomously, and
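The following added example (not code from this wiki page or from Samba) sketches RID-based mapping in which every host derives the same POSIX ID from a SID and a per-domain base. The dictionary stands in for trustPosixOffset values read from the domain trust entries; the SIDs, offsets and range size are constructed assumptions.

```python
# Added example: RID-based ID mapping with a per-domain base offset.
# All SIDs, offsets and the range size below are constructed sample values.

RANGE_SIZE = 100_000  # assumed width of the ID range reserved per domain

# Stand-in for the trustPosixOffset attribute of each domain trust entry,
# keyed by domain SID. A real host would read this from the directory.
TRUST_POSIX_OFFSET = {
    "S-1-5-21-1111111111-2222222222-3333333333": 1_000_000,
    "S-1-5-21-4444444444-5555555555-6666666666": 1_100_000,
}


def split_sid(sid):
    """Split a domain account SID into (domain SID, RID)."""
    parts = sid.split("-")
    # Expected shape: S-1-5-21-<a>-<b>-<c>-<rid>, i.e. 8 fields.
    if len(parts) != 8 or parts[:4] != ["S", "1", "5", "21"]:
        raise ValueError("not a domain account SID: %r" % sid)
    if not all(p.isascii() and p.isdigit() for p in parts[4:]):
        raise ValueError("non-numeric sub-authority in %r" % sid)
    return "-".join(parts[:-1]), int(parts[-1])


def sid_to_unix_id(sid, offsets=TRUST_POSIX_OFFSET, range_size=RANGE_SIZE):
    """Map a SID to base + RID; no per-host state or allocation is needed."""
    domain_sid, rid = split_sid(sid)
    if domain_sid not in offsets:
        raise LookupError("no trustPosixOffset known for " + domain_sid)
    if rid >= range_size:
        # Mapping this RID would spill into the next domain's range and
        # alias two different principals onto one uid/gid in ACL checks.
        raise OverflowError("RID %d exceeds the domain's ID range" % rid)
    return offsets[domain_sid] + rid


def unix_id_to_sid(unix_id, offsets=TRUST_POSIX_OFFSET, range_size=RANGE_SIZE):
    """Reverse mapping: find the domain whose range contains unix_id."""
    for domain_sid, base in offsets.items():
        if base <= unix_id < base + range_size:
            return "%s-%d" % (domain_sid, unix_id - base)
    raise LookupError("ID %d is outside every configured range" % unix_id)
```

Because the result depends only on the SID and the stored base, two hosts that read the same trust entry agree on ownership and ACL evaluation without sharing an allocation database.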
