[Samba] bad home path from AD
Rowland Penny
rpenny at samba.org
Fri Apr 5 14:32:51 UTC 2024
On Fri, 5 Apr 2024 16:11:55 +0200
Arnaud Bougeard via samba <samba at lists.samba.org> wrote:
> Hello,
> I followed your advice and therefore deactivated the sssd service and
> therefore the ldap client.
> The NFS and samba file services are still operational.
> How to optimize idmap range values?
>
>
If you are using uidNumber & gidNumber attributes in AD, then you need
to find out what the lowest one is in AD and use this as the start of
the DOMAIN range in your smb.conf, then find the highest one in AD, add
a number to this to allow for growth and use that for the end number in
the range. If your lowest number is 10000 and your highest number is
25000, you could use something like this:

idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config DOMAIN : backend = ad
idmap config DOMAIN : range = 10000-99999

If you haven't got any uidNumber or gidNumber attributes in AD, then
you could use the 'rid' backend. This calculates the Unix ID from the
user or group RID and the low DOMAIN range you set in the smb.conf.
This would use similar lines to above:

idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config DOMAIN : backend = rid
idmap config DOMAIN : range = 10000-99999

Provided you use the same idmap config lines on all Unix domain
members, you will always get the same IDs when using the 'rid' backend.

NOTE: 'DOMAIN' is a placeholder for your NetBIOS name (aka workgroup).

I suggest you read:

man idmap_ad
man idmap_rid
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Rowland
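
Added example, not part of the original post or of Samba: a small checker for the range layout described above. It derives a DOMAIN range from a list of uidNumber/gidNumber values, flags overlap with the '*' range and AD IDs that fall outside the DOMAIN range, and applies the idmap_rid formula (ID = RID - BASE_RID + LOW_RANGE_ID). The function names, sample IDs and headroom value are constructed for illustration.

```python
# Added example, not from the original post. All sample values are constructed.

def parse_range(text):
    """Parse an smb.conf idmap range such as '10000-99999'."""
    low, high = (int(part) for part in text.split("-"))
    if low > high:
        raise ValueError(f"range start above end: {text}")
    return low, high

def suggest_domain_range(ad_ids, headroom):
    """Lowest ID found in AD as the start, highest plus growth room as the end."""
    return min(ad_ids), max(ad_ids) + headroom

def rid_to_unix_id(rid, domain_range, base_rid=0):
    """idmap_rid formula: ID = RID - BASE_RID + LOW_RANGE_ID (None if out of range)."""
    low, high = domain_range
    unix_id = rid - base_rid + low
    return unix_id if low <= unix_id <= high else None

def check_ranges(default_range, domain_range, ad_ids=()):
    """Return a list of problems; an empty list means the layout is consistent."""
    problems = []
    if default_range[0] <= domain_range[1] and domain_range[0] <= default_range[1]:
        problems.append("'*' and DOMAIN ranges overlap")
    for value in sorted(ad_ids):
        if not domain_range[0] <= value <= domain_range[1]:
            # idmap_ad treats the range as a filter: such IDs are ignored.
            problems.append(f"AD ID {value} is outside the DOMAIN range")
    return problems

if __name__ == "__main__":
    default = parse_range("3000-7999")
    domain = parse_range("10000-99999")
    sample_ids = [10000, 10512, 18044, 25000]  # constructed uidNumber/gidNumber values
    print(suggest_domain_range(sample_ids, 74999))
    print(check_ranges(default, domain, sample_ids))
    print(rid_to_unix_id(1104, domain))
    print(check_ranges(default, parse_range("5000-20000"), sample_ids))
```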