[Linux-cluster] Re: Linux-cluster Digest, Vol 27, Issue 6
Danny Wall
Danny.Wall at health-first.org
Fri Jul 7 16:56:40 UTC 2006
On Thu, 2006-07-06 at 13:31 -0400, Danny Wall wrote:
<SNIP>
> I suspect I need to use idmap with winbind.
>
>Yup, your best bet is to use a different idmap setting. Either setup an
>LDAP backend for SID-uid mappings, or if you don't have any trusted
>domains that need access to your server, you can use the idmap_rid
>backend to generate one from the RID. (see idmap backend in the
>smb.conf man page)
>Also, you could put the tdb files on the shared storage as well, but
>using ldap or RID would probably be better in the long run. That way
>your uid values are constant across all your samba servers, this cluster
>or otherwise.
>Thanks,
>Eric Kerin
Thanks for the reply, Eric. I was starting to look at using idmap_rid. I have read that an LDAP backend for this is not the best way, and I really did not want another LDAP directory to maintain. I do not have to worry about trusted domains, so that is good.
I was considering putting the tdb files on the shared storage, but I think your comment about keeping the uid values consistent across all samba servers is an important consideration.
I will probably research and implement the idmap_rid solution, unless anyone can provide a better solution. Thanks
Danny Wall
********************************************
##############################################################
This message is for the named person's use only. It may
contain confidential, proprietary, or legally privileged
information. No confidentiality or privilege is waived or
lost by any mistransmission. If you receive this message
in error, please immediately delete it and all copies of it
from your system, destroy any hard copies of it, and notify
the sender. You must not, directly or indirectly, use,
disclose, distribute, print, or copy any part of this message
if you are not the intended recipient. Health First reserves
the right to monitor all e-mail communications through its
networks. Any views or opinions expressed in this message
are solely those of the individual sender, except (1) where
the message states such views or opinions are on behalf of
a particular entity; and (2) the sender is authorized by
the entity to give such views or opinions.
##############################################################
More information about the Linux-cluster
mailing list