Creating builtingroup fails with NTSTATUS_ACCESS_DENIED with idmap hash backend

Andreas Schneider asn at samba.org
Mon Jul 6 11:44:54 CEST 2015


On Thursday 02 July 2015 21:46:43 Michael Adam wrote:
> On 2015-07-02 at 07:56 -0700, Partha Sarathi wrote:
> > Hi,
> > 
> > Currently we are using samba-4.1.17 as member server to AD. The below is
> > the idmap settings in smb.conf
> > 
> > allow trusted domains = yes
> > idmap config * : backend = tdb
> > idmap config * : range = 2000000-2999999
> > idmap config  * : backend = hash
> > idmap config  * : range = 10000000-109999999
> 
> This idmap config is invalid.
> It specifies the default config ("*") twice,
> hence only the second settings take effect.

Shouldn't testparm print a warning if we have a PDC and use the hash backend 
for the default idmap config?

-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150706/8b500c44/attachment.pgp>


More information about the samba-technical mailing list