Hi there,
I'm the process of centralizing user authentication for a medium-sized network
with a few Linux
servers, some of them runnng samba. The idea is migrating all user definitions
from both
/etc/{passwd,shadow,groups} and samba tdb to a central LDAP directory.
Most servers had the same set of users, but as each one was administered in
isolation (no NIS not
all samba servers were part of the same windows domain) there are many
inconsistencies between all
servers.
I have already done my homework and found whenever the same user had different
uids or group
assignments, and planed the steps required to get everything in sync (like
changing file owners).
My question regards sambaAccount x posixAccount in LDAP. Samba docs state that
Unix uids/gids and
Windows SIDs are algoritmically mapped implying that given a Windows user SID
the Unix uid needs to
have a certain value, and vice-versa.
But I wish to change as few as possible existing uid/gids. I see sambaAccount
has a sid field, and
posixAccount has a uid field. So, if I do store values for both, using the ones
from previous
servers, they won't conform to the mapping algoritm.
Is that ok? Or will I have to change either the Windows user sid or the Unix
user uid so
sambaAccount and posixAccout values agree with the mapping algoritm?
[]s, Fernando Lozano
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
