El 24/11/22 a les 9:42, Rowland Penny ha escrit:
On 24/11/2022 08:00, Leopold Palomo-Avellaneda wrote:
Hi Roland,
El 24/11/22 a les 8:00, Roland Gruber ha escrit:
Hi Leopold,
to assign users uid/uidNumber/gidNumber you will need to use the
"Unix (posixAccount)" module. Make sure to use the "Windows" modules for the
Samba part (and not Samba 3).
well, I don't want discuss with the LAM author, but in our tests we have found
that you don't need posixAccount module. samba4 provides you a uid and gid of
your user in the Unix world. Also, configuring it appropriately, you can share
these numbers with the clients. So, why do we need it?
Whilst you are correct that you do not need posixAccount & posixGroup
objectclasses in AD (all the rfc2307 attributes are standard in AD), you still
need something to add the rfc2307 attributes, in LAM's case, this is the
posixAccount module.
So, should I understand that if we want that values, we need the posixAccount
module in LAM to get it, right?
The only place that Samba provides uid's & gid's without configuration is an AD
DC and these numbers are in the '3000000' range. These numbers are not uidNumber
or gidNumber attributes, they are 'xidNumber' attributes and are only found in
idmap.ldb on an AD DC. The 'xidNumber' attributes can be overridden by adding
uidNumber & gidNumber attributes to AD.
using the posixAccount module, is it?
It sounds to me that you are planning to use a Samba AD DC as a fileserver, if
this is the case, then please think again, it isn't recommended because of the
numerous differences between a Samba fileserver and a DC, to put it bluntly,
using a DC as a fileserver will give you problems.
As I said, this really isn't the place to discuss Samba.
Ok, I will subscribe the samba list and ask about our setup.
[...]
modules: posixAccount_user_uidGeneratorUsers: range
modules: posixAccount_user_minUID: 6000
modules: posixAccount_user_maxUID: 9000
Those numbers are really too low and they can both start at the same number,
ADUC used to use '10000'
ok.
Are these settings?
As Rowland wrote all Samba related questions should go to them. ;-)
Well, the mail surprised me. I was not asking questions of Samba. I just
explain the context where we want to pun LAM. And I agree that is "a world of
pain", but We live in a world of diversity (in all the aspects) and we need
interoperability between Mac, Windows and GNU/Linux.
I was just trying to stop myself a lot more work later, when you finally turned
up on the samba mailing list. Better to get it right in the first place. It
sounds like you may already be running a Samba NT4-style domain, if so, prepare
to forget a lot of what you know, AD is very different, you can have multiple
DC's for one.
But, please, are you writing in this list that you do not recommend SAMBA to
provide files a Unix clients and Windows clients?
Because to me it is my central point, sharing files between OS.
Best regards,
Leopold
--
--
Linux User 152692 GPG: 05F4A7A949A2D9AA
Catalonia
-------------------------------------
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?
_______________________________________________
Lam-public mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/lam-public
