Gerald (Jerry) Carter jerry at samba.org
Thu Nov 10 13:27:44 GMT 2005

Adam Nielsen wrote:
|> group mapping on domain members is mutually exclusive with running
|> winbindd.  Usually that is.
| So you mean if I run winbindd I can't use group mapping?  Are there any
| ways around this?  (Like getting winbindd to check the group map before
| checking the idmap ranges?)
|> If you do not define idmap uid and idmap gid ranges, then winbindd
|> should fall back to using the group mapping, and you better have
|> mappings for all domain groups.  It's an all or none decision.
| Oh that's interesting.  I tried that but of course as I don't have
| all the domain groups mapped it didn't work (I was hoping it might
| work a little, as there aren't enough UIDs on my system to map all the
| users and that seems to work okay.)

It's an interesting problem.  I'm tied up right now in other
things but one worth pursuing.  The overhead of mixing
winbindd allocated ids and static mappings would be pretty big
I think.  Essentially doubling the lookup for every group name.
You could narrow this down to static mappings for your own
domain and allow winbindd to handle trusted domains.

How many domains are we talking about here?

cheers, jerry
