samba 4 idmap problem

Kai Blin kai.blin at
Wed Oct 6 23:42:19 MDT 2010

Hash: SHA1

On 2010-10-06 17:35, Taylor, Jonn wrote:
>  Seems that each system is making up it own id's. Both the centos and
> fedora systems have the same idmap settings.
>    idmap uid = 3000000-4000000
>    idmap gid = 3000000-4000000

That means you're not setting an idmap backend, so this defaults to
"tdb" on the 3.5 boxes. In turn, this means that all three systems are
creating id mappings on an as-needed basis, creating uids and gids in
the order of the users/groups that request ids.

Unless you use some scheme that keeps the unixids in sync across the
network, you'll always be seeing this. Possible solutions include using
the "rid" backend to idmap, which will add the sid's RID part to the
idmap base. If you only have users coming in from one domain, that
should be fine for the 3.5 boxes.

The Samba4 idmap implementation is less sophisticated and only knows
about the "tdb"-like counting up unixids. Nothing much that can be done
about this right now. We're currently investigating the most viable way
to fix this.


- -- 
Kai Blin
Worldforge developer
Wine developer
Samba team member
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


More information about the samba-technical mailing list