On 26/02/12 17:03, Gémes Géza wrote:
On 2012-02-26 10:28, steve wrote:
Hi everyone

The s4 Domain Users group has xidNumber: 100 and the Linux users group
has gidNumber=100. I've been mapping xidNumber <--> gidNumber for s4
posix groups I've added myself, but this causes a name collision for
Domain Users. This also has implications on Linux as local users have
access to the group owned stuff of Domain users.

I've changed the xidNumber in idmap.ldb to 2000 and posix-ified my
Domain Users correspondingly. Everything still works, well, it works
for one test user at least.

1. Does xidNumber: 100 have any special meaning to windows?
2. To help readability, would it be possible to add a label to common
entries in idmap to help us identify them?

Cheers,
Steve

1. idmap.ldb is private to the Samba4 box, so Windows sees nothing from xids.
2. xids are there as (I hope) a temporary solution for storing uids,
gids in a unified manner; if those attributes were visible, Windows
would still ignore them.

Regards

Geza

That is good news. I thought I may have been committing a crime by altering stuff there.

I've tried to work around the sid-gid-uid stuff using xid's from idmap.ldb and storing uid and gid along with posix attrs and classes for individual users in sam.ldb.

I looked in the m$ schema and found this:

cn: PosixAccount
ldapDisplayName: posixAccount
mayContain: uid, cn, uidNumber, gidNumber, unixHomeDirectory,homeDirectory, userPassword, unixUserPassword, loginShell, gecos,description

cn: PosixGroup
ldapDisplayName: posixGroup
mayContain: cn, userPassword, unixUserPassword, description,gidNumber, memberUid

I've got some crude scripts together (based on your echo to file idea) here:
http://linuxcostablanca.blogspot.com/2012/02/samba-4-posix-domain-user.html
which include most of that stuff. It's the 'mayContain' that confuses me. e.g. my subset of mayContain does not have gecos nor cn but still seems to map OK via nss.

Sorry. Just one more thing. Could you point me at the code which finds the next free xid when e.g. you create a new user?

TIA for your time.
Steve.
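
The collision described at the top of the thread (an idmap xidNumber equal to a local gid, so that local users share group-owned files with Domain Users) can be checked for mechanically. The following is an added example, not code from the thread or from Samba: it assumes idmap.ldb has been dumped as LDIF with `dn`, `type` and `xidNumber` attributes per record, the SIDs and passwd/group lines are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample of an LDIF dump of idmap.ldb. The record layout
# (dn, type, xidNumber) is an assumption and the SIDs are made up.
SAMPLE_IDMAP_LDIF = """\
dn: CN=S-1-5-21-1111-2222-3333-513
type: ID_TYPE_GID
xidNumber: 100

dn: CN=S-1-5-21-1111-2222-3333-1106
type: ID_TYPE_BOTH
xidNumber: 1000
"""
# Constructed samples of /etc/group and /etc/passwd.
SAMPLE_GROUP = "root:x:0:\nusers:x:100:\nalice:x:1000:\n"
SAMPLE_PASSWD = "root:x:0:0::/root:/bin/sh\nalice:x:1000:1000::/home/alice:/bin/sh\n"

def parse_ldif(text):
    """Return one attr -> value dict per blank-line separated record."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                rec[key.strip()] = value.strip()
        if rec.get("xidNumber", "").isdigit():
            records.append(rec)
    return records

def local_ids(text):
    """Map numeric id (third field of passwd/group lines) -> name."""
    ids = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) > 2 and parts[2].isdigit():
            ids[int(parts[2])] = parts[0]
    return ids

def find_collisions(ldif, group_text, passwd_text):
    """List (dn, 'gid'|'uid', id, local_name) for every shared number."""
    gids, uids = local_ids(group_text), local_ids(passwd_text)
    hits = []
    for rec in parse_ldif(ldif):
        # A record without a type is treated as both, the cautious reading.
        xid, kind = int(rec["xidNumber"]), rec.get("type", "ID_TYPE_BOTH")
        if kind in ("ID_TYPE_GID", "ID_TYPE_BOTH") and xid in gids:
            hits.append((rec["dn"], "gid", xid, gids[xid]))
        if kind in ("ID_TYPE_UID", "ID_TYPE_BOTH") and xid in uids:
            hits.append((rec["dn"], "uid", xid, uids[xid]))
    return hits
```

Every tuple returned is a domain SID whose mapped number is already owned by a local account or group; moving the mapping to an unused number, as done above with 2000, removes the entry from the result.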