2012-02-16 11:39 keltezéssel, steve írta: > On 02/16/2012 06:58 AM, Gémes Géza wrote: >> 2012-02-16 02:01 keltezéssel, steve írta: >>> Hi. >>> We used info from a SID created using samba-tool group add to >>> posix-ify it and then add a posix-ifed domain user to it. The AD doco >>> defines two sorts of SID. Ones that change, and ones that don't. >>> >>> Here is a search on our posix-ified group: >>> ldbsearch --url=/usr/local/samba/private/idmap.ldb 'xidnumber=3000012' >>> objectSid: S-1-5-21-980186919-4150830324-975011627-1121 >>> >>> We set the primaryGroupID of the user to 1121, his gidNumber to >>> 3000012 and his uidNumber from wbinfo. He becomes visible to Linux via >>> nss-ldapd, whilst retaing his Domain User status on the windows side:-) >>> >>> My question is, to which category of SID does >>> S-1-5-21-980186919-4150830324-975011627-1121 belong? Can we assume >>> that this is fixed for the life of the domain? Under what circustances >>> could s4 change it, and if id did, would we be given warning? >>> >>> Thanks, >>> Steve >>> >>> >>> >> Hi >> >> SIDs over S-1-5-21-.....-1000 are "ordinary" SIDs used by windows for >> users and groups. The M$ docs describe modifying the SID as a very >> dangerous, unsupported operation with unpredictable consequences, so yes >> SIDs can be considered as something "carved in stone". >> >> Regards >> >> Geza > Hi Geza > Thanks for the confirmation. Will s4 follow the carved in stone m$ > guidelines? > > So far, the schema has allowed my addition of POSIX objects and > attributes to the ldb's. Indeed, some of them such as posixAccount are > already there, just waiting to be pulled in. Will there be any > changes made which will negate this? e.g. I have a user with > primaryGroupID: 1121, uidnumber: 3000000, unixhomedirectory: > /home/workgroup/user. Will the user always have those attributes? Now? > After the next git? After a s4 release? > > Maybe the question should be, will there be any changes made to the > schema which would disallow rfc2307 attributes to be included? > > It's almost Friday. > > Cheers, > Steve > Hi,
As I've understand the plan is to support rfc2307 attributes in the samba4 winbind implementation so I would be very surprised+annoyed if they would get unsupported on Samba4 Regards Geza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
