[Likewise-open-discuss] Can this be built on openSUSE 10.2

Gerald (Jerry) Carter jerry at samba.org
Tue Feb 12 02:52:24 PST 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jake Summers wrote:
> I am also not sure about the value this offers vis a vis Winbind as
> articulated below, please respond.  Namely does it address the drawback
> with described below; e.g. ADuser1 logs onto machine1 and is given UID1;
> then ADuser2 logs onto machine2 and is given UID2; then ADuser1 logs
> onto machine2 and is given UID3 -- will we have a conflict of UID1 for
> ADuser1 = UID2 for ADuser2, etc.

yes.  The idmap plugin provided with likewise-winbindd uses
a hashing function to ensure that a user and/or group is always
assigned the same uid/gid across all machines.  The idmap plugin
is similar to Samba's idmap_rid but with support for trusted
domains.  On average, it will support up to 500k users per domain
and around 50 domains.

The groups fill 31bits so the uids/gids are probably higher than
you are used to seeing but function no differently.  For example,


$ id
 uid=181931072(AD\gcarter) gid=181928449(AD\domain^users)
 groups=181928448(AD\domain^admins),181928449(AD\domain^users),
 181928454(AD\schema^admins),181928455(AD\enterprise^admins),
 181931056(AD\unixadmins),181931061(AD\unixusers),181931110(AD\ubuntu)

$ getent passwd gcarter at ad.plainjoe.org
AD\gcarter:*:181931072:181928449::/home/AD/gcarter:/bin/bash

$ getent passwd "AD\gcarter"
AD\gcarter:*:181931072:181928449::/home/AD/gcarter:/bin/bash

Also there is support for a "username map" for winbindd.
Let me know if you want more details on this and I'll write
something up.


cheers, jerry
- --
=====================================================================
Samba                                    ------- http://www.samba.org
Likewise Software          ---------  http://www.likewisesoftware.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHsXpoIR7qMdg1EfYRAs4PAJ98ZeEZ/KrdkC8OXmlK5utfGigLAgCghH15
Sh3FR7TkPaVIB8NlECf018I=
=EJVz
-----END PGP SIGNATURE-----

More information about the Likewise-open-discuss mailing list