OK, the documentation is better, but people still get it wrong, probably because it is more complex than it needs to be. I personally find it easier to set sssd up, but that is just me.

Why use a word like orthogonal? Just who knows what orthogonal means? I have only been speaking English for 56 years and have never used that word in a sentence. Just say what you mean and do not hide behind gobbledygook.

From what I can see the BUILTIN uids come from Windows (and are called SIDs) and there they are set in stone.

From the sssd-1.9.0 announcement - Add a new PAC responder for dealing with cross-realm Kerberos trusts

Your turn ;-)

Rowland

On 23 July 2013 13:48, Jonathan Buzzard <[email protected]> wrote:

> On Tue, 2013-07-23 at 11:55 +0100, Rowland Penny wrote:
>
> [SNIP]
>
> > I thought that testparm did exactly that, it tested all the parameters
> > in smb.conf, so if the ranges overlap, it should report the error.
>
> You thought wrong then. It tests to see if they are valid so 1000-akjf
> is invalid and will throw an error, 1000-2000 is valid and will not
> throw an error even if it overlaps with some other range.
>
> > Darned right it is confusing.
>
> It was confusing because the documentation at the time was not complete.
> That is no longer the case.
>
> > Yet people still get it wrong.
>
> There is no accounting for what some people do. I have just checked and
> a Google search for "winbind ad rfc2307 setup" gives a top hit that
> explains the ranges must be orthogonal.
>
> > Why are the BUILTIN uids & gids not set in stone? and noted
> > somewhere and users told 'do not use this range'
>
> Because your set in stone range might already be allocated in the AD.
> Not all Samba servers are green field deployments. Some/many have to
> integrate into already existing environments and hence admins need the
> flexibility to adapt to the environment they find themselves in.
>
> > Also winbind can handle multiple domains so it needs to know which
> > domain to use to lookup a given UID or GID in.
> >
> > sssd can do this very easily, so your point is?
>
> That is the one thing that sssd cannot do. At least according to the
> documents I have read multiple domains with cross domain trusts equals
> use winbind.
>
> Either way there is no way for either sssd or winbind to know which of
> the potential multiple domains it should look that up in. You could I
> guess take a sledgehammer approach and look it up in all the domains,
> but I can think of lots of reasons why that would not be a good idea.
>
> JAB.
>
> --
> Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
> Fife, United Kingdom.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
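
The thread's point that testparm rejects a malformed range such as 1000-akjf but says nothing when two valid ranges overlap can be covered by a separate check. The following is an added example, not code from this thread or from the Samba project: it assumes ranges are written as `idmap config DOMAIN : range = low-high`, and the smb.conf fragment and domain names in it are constructed for illustration.

```python
import re
from itertools import combinations

# Constructed sample smb.conf fragment (not from the thread).
SAMPLE_SMB_CONF = """
[global]
    idmap config * : backend = tdb
    idmap config * : range = 1000-2000
    idmap config EXAMPLE : backend = ad
    idmap config EXAMPLE : range = 1500-99999
    idmap config TRUSTED : backend = rid
    idmap config TRUSTED : range = 100000-199999
    idmap config BROKEN : range = 1000-akjf
"""

RANGE_LINE = re.compile(
    r"^\s*idmap\s+config\s+(\S+)\s*:\s*range\s*=\s*(.*?)\s*$", re.IGNORECASE)
RANGE_VALUE = re.compile(r"^(\d+)\s*-\s*(\d+)$")

def parse_idmap_ranges(text):
    """Return ({domain: (low, high)}, [(domain, raw_value), ...] for bad values)."""
    ranges, invalid = {}, []
    for line in text.splitlines():
        m = RANGE_LINE.match(line)  # lines commented out with # or ; do not match
        if not m:
            continue
        domain, raw = m.group(1), m.group(2)
        v = RANGE_VALUE.match(raw)
        if v and int(v.group(1)) <= int(v.group(2)):
            ranges[domain] = (int(v.group(1)), int(v.group(2)))
        else:
            invalid.append((domain, raw))  # "1000-akjf", or low > high (treated as invalid here)
    return ranges, invalid

def find_overlaps(ranges):
    """Return (domain_a, domain_b, (first_shared_id, last_shared_id)) per clashing pair."""
    overlaps = []
    for (a, (alo, ahi)), (b, (blo, bhi)) in combinations(sorted(ranges.items()), 2):
        lo, hi = max(alo, blo), min(ahi, bhi)
        if lo <= hi:  # the two inclusive ranges share at least one ID
            overlaps.append((a, b, (lo, hi)))
    return overlaps

if __name__ == "__main__":
    ranges, invalid = parse_idmap_ranges(SAMPLE_SMB_CONF)
    for domain, raw in invalid:
        print(f"invalid range for {domain}: {raw!r}")
    for a, b, (lo, hi) in find_overlaps(ranges):
        print(f"overlap: {a} and {b} share IDs {lo}-{hi}")
```

An overlap matters because one numeric UID or GID inside the shared span can then stand for accounts in two different domains, so file ownership and access checks on that ID become ambiguous.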
