[Samba] [samba] idmap question
Rowland Penny
rpenny at samba.org
Thu Aug 10 10:08:55 UTC 2017
On Thu, 10 Aug 2017 11:44:26 +0200
mathias dufresne via samba <samba at lists.samba.org> wrote:
> Hi all,
>
> What is the real purpose if the following lines when using idmap-rid
> or idmap-ad:
>
> # Default idmap config for local BUILTIN accounts and groups
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
>
> When using the next two lines
>
> # idmap config for the SAMDOM domain
> idmap config SAMDOM : backend = rid [or ad]
> idmap config SAMDOM : range = 10000-999999
>
>
> AD users will be in range 10000-999999, /etc/passwd would be in range
> 0-2999, what kind of users would be added in range 3000-7999?
the '*' range is for the 'BUILTIN' users and groups (more info here:
https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems
It is also used for trusted domains that do not have an idmap config
range set in smb.conf.
You can set the ID for a '*' user or group by giving it a uidNumber or
gidNumber, this moves it to the 'DOMAIN' range, the most usual one to
move is 'Domain Users'
Rowland
More information about the samba
mailing list