[Samba] NT_STATUS_INVALID_SID
Rowland Penny
rpenny at samba.org
Thu Oct 27 13:15:10 UTC 2016
On Thu, 27 Oct 2016 10:51:08 -0200
Vinicius Bones Silva via samba <samba at lists.samba.org> wrote:
> Wait, now I'm confused. Idmap lines do not need to be set up on the
> DCs? Then how does windows figure's out the ids in the Unix
> Attributes tab? I thought you needed both rfc2307 and idmap on the
> DC and the members.
>
>
>
The DCs have idmap.ldb, this maps users and groups to xidNumbers in the
'3000000' range, the only way to change these numbers on a DC, is to
give your users & groups uidNumber & gidNumber attributes.
I repeat, adding the 'idmap config' lines that are used on a domain
member, to a DC, will not work.
They do nothing, zilch, they are ignored, so do not add them.
The 'Unix Attributes' tab uses the 'uidNumber' and 'gidNumber'
attributes and these override the 'xidNumber' attributes that the DC
uses by default.
Rowland
More information about the samba
mailing list