Deprecated but still supported "idmap backend" actually
Gerald (Jerry) Carter
jerry at samba.org
Wed Oct 10 19:04:39 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Dmitry Butskoy wrote:
> On Wed, 2007-10-10 at 13:00 -0500, Gerald (Jerry) Carter wrote:
>> "idmap backend = rid:FOO=1000-2000
>> This is incorrect syntax since it implies the trusted domain
>> patch which was never officially supported.
> You have confused me completely :)
> It was correct for 3.0.24, now (3.0.26) the "idmap
> backend" is deprecated at all. What the "trusted domain
> patch" do you say about?..
Sorry. I'm working of memory here. Did you compile Samba
yourself? Or are you using someone;s packages?
>> If you just say "idmap backend = rid" it should be ok
> But how can I specify the range (1000-100000)? IOW what
> to add to the rid to make the uid (f.e. if rid is, say 513, then
> I want gid to be 1513 etc.)
That's actually what the idmap uid and idmap gid values should
do for you.
> Anyway, I know that "idmap backend" is deprecated and
> obsoleted now, but ReleaseNotes mentions that it should
> still work as before (for compatibility). But it does not.
> And since people do like SWAT to configure Samba, and SWAT
> seems to not support "idmap config" yet, the old scheme
> should be preserved and should work...
I agree. No arguements there.
> The problem is the idmap domain name at runtime are
> the string "default domain" instead of the actual doman name,
> and winbindd cannot find such a "domain" (until I change the doman
> ame at AD to 'DEFAULT DOMAIN.COM' 8) )
Nope. This should be equivalent (assuming I don't have typos in
any option names).
idmap domains = FOO
idmap config FOO:backend = rid
idmap config FOO:read_only = yes
idmap config FOO:range = 1000-100000
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba-technical