On Wed, 2013-06-05 at 18:32 +0100, Rowland Penny wrote:
> Well said Steve
>
> From what I have read on the two samba mailing lists, Samba 4 is
> supposed to be a clone of windows AD, well windows AD does not have
> winbind, so I suppose this begs the question, why when running as a DC
> controller does Samba4?

I think it's still needed because not everything is stored in the directory. SIDs are stored alongside (what become) their uid or gid in the idmap database, rather than AD. As end users, we can choose to work only with AD, however, every object we add also ends up in idmap too.

I can see one of the reasons is so that a unique sid to uid can be guaranteed. There's a counter object in idmap which gets incremented each time we add something ourselves. However, once the xid from idmap has been transferred to AD, or we've allocated our own, we can then delete the idmap entry.

Cheers,
Steve
