[Samba] idmap backend problems

John H Terpstra jht at samba.org
Fri Mar 4 18:44:22 GMT 2005

On Friday 04 March 2005 11:30, Samba wrote:
>  I disagree.   According to the Release Notes the idmap_rid does NOT
> require an LDAP server.  The way I understand it, it uses the last part
> of your SID to derive what your UID will be, thus you will have
> consistency across your Sambas.

Correct. The idmap_rid facility uses the RID as the UID.

> I compiled my samba the same way and it is working however I am
> encountering problems with the winbind daemon while in this mode.  I
> have submitted another topic on this problem.

Please check the documentation in the chapter I added to the 
Samba-HOWTO-Collection that is available on the Samba web site. If you have a 
large number of users or groups it is necessary to disable winbind user and 
group enumeration - otherwise performance issues will eat Samba's heart 
out. :)

NOTE the above point please. In a site with a single domain and around 20,000 
users, user and group enumeration would kill the ability to use idmap_rid. 
With these turned off everything seems to work OK.

> Did you setup your /etc/nsswitch.conf file ?

From the posting I am guessing the original poster had done that.

- John T.

> Josh
> -----Original Message-----
> From: samba-bounces+samba=guidemail.com at lists.samba.org
> [mailto:samba-bounces+samba=guidemail.com at lists.samba.org] On Behalf Of
> Paul Gienger
> Posted At: Friday, March 04, 2005 8:39 AM
> Posted To: Samba
> Conversation: [Samba] idmap backend problems
> Subject: Re: [Samba] idmap backend problems
> >After reading the docs, I get the impression that I should use an idmap
> >backend to have consistent uid's. Am I correct?
> Not so much, you're on the right path tho.  The idmap is primarily to
> give a mapping between unix uids and windows SIDs when the users come
> from an AD system or something of that nature.  Basically if you don't
> have real unix users you use winbind and idmap to get it done... if I
> understand correctly.  I don't use either.
> >I don't have an LDAP server, and I'd prefer not to add another service
> >to the chain, so I recompiled samba with
> That's essentially what you need to do unfortunately.  You need to store
> the mapping someplace globally accessible for both machines to read it.
> I see the light bulb going off in your head WRT storing the idmap file
> on an nfs mount or some other shared filesystem, don't do it, it won't
> work.
> --
> Paul Gienger                    Office: 701-281-1884
> Applied Engineering Inc.
> Systems Architect               Fax:    701-281-1322
> URL: www.ae-solutions.com       mailto: pgienger at ae-solutions.com

John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
