On Fri, Aug 17, 2012 at 4:55 AM, James Relph <[email protected]> wrote: > Hi Gordon, > > > Apologies, missed this the other day. > > My advice would be to make it easier to use IDMU. The modifications > to AD to support IDMU are quite widely accepted these days, at least > in organizations that have both Windows and *nix. > > > The problem is that some of the organisations we're used to integrating Mac > clients with (tend to be FTSE companies) often are pretty much straight > Windows shops, so anything that deviates from their standard is *really* hard > to get through change control (especially now where we've been deploying Macs > for years that "just work" with AD (to a fairly decent extent)). >
If you're bringing an illumos based system into "straight Windows shops" (Windows only), why setup any idmap rules at all? Just let it use ephemeral IDs. The Windows clients will see SIDs, and all is well. The main reason for doing anything more complex with idmap is so that NFS and/or local applications see "normal" looking UIDs and GIDs. In an all-Windows envirnonment, you don't care about that. -- Gordon Ross <[email protected]> Nexenta Systems, Inc. www.nexenta.com Enterprise class storage for everyone _______________________________________________ OpenIndiana-discuss mailing list [email protected] http://openindiana.org/mailman/listinfo/openindiana-discuss
