[Linux-cluster] Re: Linux-cluster Digest, Vol 27, Issue 6

Danny Wall Danny.Wall at health-first.org
Fri Jul 7 16:56:40 UTC 2006 

On Thu, 2006-07-06 at 13:31 -0400, Danny Wall wrote:
<SNIP>
> I suspect I need to use idmap with winbind.
> 

>Yup, your best bet is to use a different idmap setting.  Either setup an
>LDAP backend for SID-uid mappings, or if you don't have any trusted
>domains that need access to your server, you can use the idmap_rid
>backend to generate one from the RID.  (see idmap backend in the
>smb.conf man page)


>Also, you could put the tdb files on the shared storage as well, but
>using ldap or RID would probably be better in the long run.  That way
>your uid values are constant across all your samba servers, this cluster
>or otherwise.

>Thanks, 
>Eric Kerin

Thanks for the reply, Eric. I was starting to look at using idmap_rid. I have read that an LDAP backend for this is not the best way, and I really did not want another LDAP directory to maintain. I do not have to worry about trusted domains, so that is good.

I was considering putting the tdb files on the shared storage, but I think your comment about keeping the uid values consistent across all samba servers is an important consideration.

I will probably research and implement the idmap_rid solution, unless anyone can provide a better solution. Thanks

Danny Wall

********************************************

##############################################################
This message is for the named person's use only.  It may 
contain confidential, proprietary, or legally privileged 
information.  No confidentiality or privilege is waived or 
lost by any mistransmission.  If you receive this message 
in error, please immediately delete it and all copies of it 
from your system, destroy any hard copies of it, and notify 
the sender.  You must not, directly or indirectly, use, 
disclose, distribute, print, or copy any part of this message
if you are not the intended recipient.  Health First reserves
the right to monitor all e-mail communications through its
networks.  Any views or opinions expressed in this message
are solely those of the individual sender, except (1) where
the message states such views or opinions are on behalf of 
a particular entity;  and (2) the sender is authorized by 
the entity to give such views or opinions.
##############################################################

More information about the Linux-cluster mailing list