Re: [Samba] Samba4 xidNumber and idmap.ldb
On 2012-02-26 18:15, steve wrote:

Hi Steve,

> Sorry. Just one more thing. Could you point me at the code which finds
> the next free xid when e.g. you create a new user?

That's not how samba4 id mapping works at the moment I'm afraid. It will ignore the Posix attributes that might exist in the AD. It's non-trivial to manage the mappings across servers.

Cheers,
Kai

--
Kai Blin
Worldforge developer http://www.worldforge.org/
Wine developer http://wiki.winehq.org/KaiBlin
Samba team member http://www.samba.org/samba/team/

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 xidNumber and idmap.ldb
On 28/02/12 11:14, Kai Blin wrote:

> On 2012-02-26 18:15, steve wrote:
>
> Hi Steve,
>
>> Sorry. Just one more thing. Could you point me at the code which finds
>> the next free xid when e.g. you create a new user?
>
> That's not how samba4 id mapping works at the moment I'm afraid. It will
> ignore the Posix attributes that might exist in the AD. It's non-trivial
> to manage the mappings across servers.
>
> Cheers,
> Kai

Hi Kai

It seems to be working for us at least. We've added the posix attrs and classes as defined in the ms schema to our s4 domain users and groups:

http://linuxcostablanca.blogspot.com/2012/02/samba-4-posix-domain-user.html

The mapping works fine over nfs4 for our Linux clients :-)

I was just wondering how s4 decides what the next xid will be before it writes a sid and xid entry to idmap.ldb. This was mainly to ease the readability of our posix scripts and tidy up idmap.ldb when e.g. a user is deleted. Do you know where I could find that bit in the source?

Cheers,
Steve
[Samba] Samba4 xidNumber and idmap.ldb
Hi everyone

The s4 Domain Users group has xidNumber: 100 and the Linux users group has gidNumber=100. I've been mapping xidNumber -- gidNumber for s4 posix groups I've added myself, but this causes a name collision for Domain Users. This also has implications on Linux as local users have access to the group owned stuff of Domain users.

I've changed the xidNumber in idmap.ldb to 2000 and posix-ified my Domain Users correspondingly. Everything still works, well, it works for one test user at least.

1. Does xidNumber: 100 have any special meaning to windows?
2. To help readability, would it be possible to add a label to common entries in idmap to help us identify them?

Cheers,
Steve
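Added example, not part of the original post and not Samba code: a check for the kind of overlap described above, where an id handed out in idmap.ldb equals a local uid or gid. The LDIF record layout (`objectSid`, `type` with `ID_TYPE_*` values, `xidNumber`), the SIDs and the passwd/group contents are constructed assumptions, and all function names are hypothetical.

```python
import re

# Constructed sample in the shape `ldbsearch -H idmap.ldb` prints (assumed
# layout: objectSid, type and xidNumber per record). The SIDs are made up.
SAMPLE_IDMAP_LDIF = """\
dn: CN=S-1-5-21-1111111111-2222222222-3333333333-513
objectSid: S-1-5-21-1111111111-2222222222-3333333333-513
type: ID_TYPE_GID
xidNumber: 100

dn: CN=S-1-5-21-1111111111-2222222222-3333333333-1105
objectSid: S-1-5-21-1111111111-2222222222-3333333333-1105
type: ID_TYPE_UID
xidNumber: 3000017
"""
# Constructed /etc/group and /etc/passwd contents.
SAMPLE_GROUP = "root:x:0:\nusers:x:100:\nvideo:x:33:\n"
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/bash\nsteve:x:1000:100::/home/steve:/bin/sh\n"

def parse_ldif(text):
    """Split LDIF text into one dict per record (single-valued attributes)."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            rec[key] = value.strip()
        if rec:
            records.append(rec)
    return records

def local_ids(colon_text):
    """Map numeric id (third field of passwd or group) to the entry name."""
    ids = {}
    for line in colon_text.splitlines():
        parts = line.split(":")
        if len(parts) > 2 and parts[2].isdigit():
            ids[int(parts[2])] = parts[0]
    return ids

def find_collisions(ldif_text, group_text, passwd_text):
    """Return (sid, 'uid'|'gid', id, local_name) for every overlapping id."""
    gids, uids = local_ids(group_text), local_ids(passwd_text)
    hits = []
    for rec in parse_ldif(ldif_text):
        if "objectSid" not in rec or not rec.get("xidNumber", "").isdigit():
            continue  # skip records that are not SID mappings
        xid, kind = int(rec["xidNumber"]), rec.get("type", "")
        if kind in ("ID_TYPE_GID", "ID_TYPE_BOTH") and xid in gids:
            hits.append((rec["objectSid"], "gid", xid, gids[xid]))
        if kind in ("ID_TYPE_UID", "ID_TYPE_BOTH") and xid in uids:
            hits.append((rec["objectSid"], "uid", xid, uids[xid]))
    return hits

if __name__ == "__main__":
    for hit in find_collisions(SAMPLE_IDMAP_LDIF, SAMPLE_GROUP, SAMPLE_PASSWD):
        print("collision: SID %s maps to %s %d, already local '%s'" % hit)
```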
Re: [Samba] Samba4 xidNumber and idmap.ldb
On 2012-02-26 10:28, steve wrote:

> Hi everyone
>
> The s4 Domain Users group has xidNumber: 100 and the Linux users group
> has gidNumber=100. I've been mapping xidNumber -- gidNumber for s4 posix
> groups I've added myself, but this causes a name collision for Domain
> Users. This also has implications on Linux as local users have access to
> the group owned stuff of Domain users.
>
> I've changed the xidNumber in idmap.ldb to 2000 and posix-ified my
> Domain Users correspondingly. Everything still works, well, it works for
> one test user at least.
>
> 1. Does xidNumber: 100 have any special meaning to windows?
> 2. To help readability, would it be possible to add a label to common
>    entries in idmap to help us identify them?
>
> Cheers,
> Steve

1. idmap.ldb is private to the Samba4 box so windows sees nothing from xids
2. xids are there as (I hope) a temporary solution for storing uids, gids in a unified manner, if those attributes would be visible windows would still ignore them

Regards

Geza
Re: [Samba] Samba4 xidNumber and idmap.ldb
On 26/02/12 17:03, Gémes Géza wrote:

> On 2012-02-26 10:28, steve wrote:
>
>> Hi everyone
>>
>> The s4 Domain Users group has xidNumber: 100 and the Linux users group
>> has gidNumber=100. I've been mapping xidNumber-- gidNumber for s4 posix
>> groups I've added myself, but this causes a name collision for Domain
>> Users. This also has implications on Linux as local users have access to
>> the group owned stuff of Domain users.
>>
>> I've changed the xidNumber in idmap.ldb to 2000 and posix-ified my
>> Domain Users correspondingly. Everything still works, well, it works for
>> one test user at least.
>>
>> 1. Does xidNumber: 100 have any special meaning to windows?
>> 2. To help readability, would it be possible to add a label to common
>>    entries in idmap to help us identify them?
>>
>> Cheers,
>> Steve
>
> 1. idmap.ldb is private to the Samba4 box so windows sees nothing from xids
> 2. xids are there as (I hope) a temporary solution for storing uids, gids
>    in a unified manner, if those attributes would be visible windows would
>    still ignore them
>
> Regards
>
> Geza

That is good news. I thought I may have been committing a crime by altering stuff there.

I've tried to work around the sid-gid-uid stuff using xid's from idmap.ldb and storing uid and gid along with posix attrs and classes for individual users in sam.ldb. I looked in the m$ schema and found this:

cn: PosixAccount
ldapDisplayName: posixAccount
mayContain: uid, cn, uidNumber, gidNumber, unixHomeDirectory,homeDirectory, userPassword, unixUserPassword, loginShell, gecos,description

cn: PosixGroup
ldapDisplayName: posixGroup
mayContain: cn, userPassword, unixUserPassword, description,gidNumber, memberUid

I've got some crude scripts together (based on your echo to file idea) here:

http://linuxcostablanca.blogspot.com/2012/02/samba-4-posix-domain-user.html

which include most of that stuff. It's the 'mayContain' that confuses me. e.g. my subset of mayContain does not have gecos nor cn but still seems to map OK via nss.

Sorry. Just one more thing. Could you point me at the code which finds the next free xid when e.g. you create a new user?

TIA for your time.
Steve.