wellknown and uid/gid interactions on multi DC samba AD domain
steve
steve at steve-ss.com
Wed May 14 08:22:45 MDT 2014
On Wed, 2014-05-14 at 16:19 +0200, Daniele Dario wrote:
>
> On mer, 2014-05-14 at 16:05 +0200, steve wrote:
> > On Wed, 2014-05-14 at 15:32 +0200, Daniele Dario wrote:
.
> > > Now, can you explain me: if the AD range is 3000000:4000000, why do you
> > > suggest to map my users and groups (adding also Domain Users and Domain
> > > Admins) starting from 4000000? Wouldn't they be out of the given range?
> > > Or that range is the range reserved to Windows staff?
> > >
> > 3000000-4000000 is reserved for idmap. Change the upper limit there if
> > you don't like it. If you choose something within that range for your
> > own objects then you could theoretically clash with it. Windows doesn't
> > care about what range you use.
> > HTH
> > Steve
>
> So basically I can keep in mind that everything added by samba itself
> (machine accounts or "wellknown" objects) would be in the idmap range
> and every account I add (user or group) has to be added starting from
> 4000000?
>
> Daniele.
>
Yes. Keep it simple: avoid clashes no matter how unlikely you feel they
maybe.
More information about the samba-technical
mailing list