Hmm.. just a few last questions.
the bug came back the other day, after i fired up some machine that uses
winbindd for apache authentication.
(no smb processes here). downside is that it's winbindd from samba 3.0.11.
winbindd from samba 3.0.24 has some strange issues with that machine,
for every page it starts re authing again
resulting in asking username and password again, and again and again and
.........
i think the problem might be there.
the part i don't get is the 'resolve unmapped account' ??
how can you have unmapped accounts ?? isn't it so that all
account that don't have entries in the user database (or machine)
are rejected ?? so don't need anny auth at all ?
so basically, i can leave the old sid's and posix uid alone, but need to
monitor the sid and uid
when creating new users and machines, coz they can collide with the
existing not standard uid and sid's .
great, back to debuging again... thx for da input.
Collen
Edmundo Valle Neto wrote:
Collen Blijenberg escreveu:
Sorry, forgot something,
indeed there was a mixup with the migrating, old posix uid were
differed than the once we use now.
a changed the auto_increment value of the user.uid table from mysql.
i took the highest sid (5620) subbed 1000 and /2 and used that for
auto_increment value..
so now my new user accounts are in sync with samba RID's again.
all i'm interested in now is the once i already have and use...
i have a heap of accounts that have a posix uid, that doesn't fit the
rules Edmundo explained (1000 + (2*uid))
it looks like all works fine, but i would like to take the advise of
the experts...
is the rule only active when creating new accounts, or does samba use
that rule also with in
daily basic things ? (like logging in, or accessing shares ??)
does it harm to have a posix uid 1050 and a SID ending with -1299 ?????
Cheers Collen
...
[cut]
That I know, this algorithmic mapping is made to prevent clashes and
prevent the use of well know RIDs by Windows domains. I don't know all
the situations that the algorithmic mapping will be used in addiction
of the creation of new accounts or to resolve unmapped accounts.
(Someone correct me if Im wrong).
But I would guess that if your accounts are being resolved (SID<->GID
and SID<->UID) (and if I remember right those mappings are made inside
the base used and/or inside groupmap_idmap.tdb, when you are not using
winbind) you will not have any problems beyond those related with
permissions by lost/changed ids after used (IF that happened).
Regards.
Edmundo Valle Neto
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
