On Sat, 2013-01-26 at 12:46 +0000, Rob McCorkell wrote:
> > If you provision/run with idmap_ldb:use rfc2307 then you can assign each
> > user/group a uidNumber/gidNumber which then is/can be obeyed by samba/nslcd.
>
> Sorry, I should have made myself more clear. Our current setup uses
> the nslcd approach to get the UIDs and GIDs as mapped from the RID of
> each object. We then feed that back into the LDAP database (as
> uidNumber and gidNumber attributes) along with setting idmap_ldb:use
> rfc2307 so that Samba4 gets the same UIDs and GIDs as from mapping the
> RID. But this is very much a fudge, and it does not make sense that
> Winbind shouldn't support this form of RID mapping, even though
> previous versions did support it.

We continue to support this, just not when we are an AD DC. If this
bothers you, then do not use your AD DC as a file server, except for the
required group policy files. This is one of the many reasons we
recommend against combining these roles on sites with complex
requirements.

Andrew Bartlett

--
Andrew Bartlett                          http://samba.org/~abartlet/
Authentication Developer, Samba Team     http://samba.org
