Creating builtingroup fails with NTSTATUS_ACCESS_DENIED with idmap hash backend
Michael Adam
obnox at samba.org
Mon Jul 6 12:59:44 CEST 2015
On 2015-07-06 at 11:44 +0200, Andreas Schneider wrote:
> On Thursday 02 July 2015 21:46:43 Michael Adam wrote:
> > On 2015-07-02 at 07:56 -0700, Partha Sarathi wrote:
> > > Hi,
> > >
> > > Currently we are using samba-4.1.17 as member server to AD. The below is
> > > the idmap settings in smb.conf
> > >
> > > allow trusted domains = yes
> > > idmap config * : backend = tdb
> > > idmap config * : range = 2000000-2999999
> > > idmap config * : backend = hash
> > > idmap config * : range = 10000000-109999999
> >
> > This idmap config is invalid.
> > It specifies the default config ("*") twice,
> > hence only the second settings take effect.
>
> Shouldn't testparm print a warning if we have a PDC and use the hash backend
> for the default idmap config?
I'd say not only on a PDC, but on any configuration!
On the other hand, idmap hash only makes sense when
run as default backend. So it is always bad, and that
was the reason I proposed to remove it. At least
deprecate it for a start..
Michael
> --
> Andreas Schneider GPG-ID: CC014E3D
> Samba Team asn at samba.org
> www.samba.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150706/19901b6c/attachment.pgp>
More information about the samba-technical
mailing list