samba-technical Digest, Vol 40, Issue 6

PETRE Michael mpetre at
Fri Apr 7 07:52:37 GMT 2006


you may want to look into idmap_rid if you only have one domain. From
your problem description you are using the plain idmap which allocates
the UIDs/GIDs on a "first used, first served" basis.

The proper syntax in the smb.conf is like:

idmapbackend              = idmap_rid:'DOMAIN NAME'=5000-10000000
idmapuid                  = 5000-10000000
idmapgid                  = 5000-10000000

The range (5000-10000000) needs to be adapted to your needs, of course.

After the change in config, you need to clear the winbindd tdb and
restart both samba and winbind. If you don't do that, you'll end up
having weird id mapping problems.

If you plan to have more servers in the future and/or if you have more
than one domain with trust relationships, it might be worth looking into
the ldap backend for idmap.

Hope that helps,

On Thu, 2006-04-06 at 11:00 -0700, Tony Bencivenga wrote:
> Anyone able to help out on this ad issue
> We have ha running on two servers with both servers being samba 3.0.14e 
> They keep getting different RIDS for the ADS groups but they are the
> same loades on everything only difference is the machine names.
> I thinking this is a random problem with how samba generates the RIDS ..
> Anyone help out?
> 2 machines samba same build
> One NFS mounted share volume 
> Shares on both machines are the same needing the same RIDS for the
> shares to work properly only was we got this to work ok was to copy the
> cache file /var/cache/samba/*.tdb files to both machines but this seems
> not the right way to do this ??
> Anyone help
> -----Original Message-----
> From: at
> [ at lists.samba.o
> rg] On Behalf Of samba-technical-request at
> Sent: Thursday, April 06, 2006 5:05 AM
> To: samba-technical at
> Subject: samba-technical Digest, Vol 40, Issue 6
> Send samba-technical mailing list submissions to
> 	samba-technical at
> To subscribe or unsubscribe via the World Wide Web, visit
> or, via email, send a message with subject or body 'help' to
> 	samba-technical-request at
> You can reach the person managing the list at
> 	samba-technical-owner at
> When replying, please edit your Subject line so it is more specific than
> "Re: Contents of samba-technical digest..."

More information about the samba-technical mailing list