The Samba-Bugzilla – Bug 1759
Samba and SFU
Last modified: 2005-07-04 04:36:13 UTC
Hi, this is a feature request.
I was wondering if you could add support for Microsoft's SFU schema changes.
I'm running samba in ADS mode. It works great, you've done a wonderful job,
but there's one more thing I need. I am looking for a way to keep the UID's
and GID's the same on every samba machine. I tried using the LDAP write back
way (using an OU called IDmap) but it hasn't worked for me. I'm running
Active Directory 2003.
Anyway, my point is that it would be nice if there were a config entry that I
could add to smb.conf to specify where the uid and gid come from.
Being that when I installed Microsoft's Services for Unix, it made the schema
changes to include uid, gid, home directory, and shell. Since my users
already have the schema entries needed, I wish I could just tell winbind to
look for a specific attribute in the schema.
Is this something you would consider including?

1) idmap_ldap works (at least against openldap). Since the most common reason for
wanting to have consistent uid's/gid's between winbind machines is the use of
NFS, setting up openldap for idmap should not be excessive ....
2) If you have SFU, you can do authentication to AD without winbind (assuming
your current winbind clients are not serving files or printers to windows
clients), using Kerberos and LDAP.
3) PADL has a plugin which apparently does what you want, you can find it in
xad_oss_plugins on http://www.padl.com/download/

I'll take that as a "NO"

Don't be disappointed too fast :)
I have a (yet unfinished) patch that makes some changes to PADL's
idmap_ad-Plugin and integrates SFU-Accounts better into the
winbindd-architecture (honoring homepath, uidNumbers, etc.).
Once I finish it...

guether's pet project :-) Closing out as later.

Fixed in latest subversion.
Could you please try "winbind enable sfu = yes"
to let winbindd in "security = ads" retrieve homedir and loginshell from ADS.
(Note that the parameter name will change in the next release, so watch the
If you also want to retrieve uid and gid from ADS then use
"idmap backend = ad" in addition.
Please let us know if that works for you.