[Samba] idmap for trusted domain changing over time
devel at thom.fr.eu.org
devel at thom.fr.eu.org
Wed Jun 11 06:51:09 GMT 2008
Hello
I'm experiencing a weird behaviour with idmapping/winbindd.
I have two samba controlled domains with one trusting the other and using
winbindd to map trusted domain groups and users.
This works quite well, but after some time, I can see the unix uid/gid
allocated for the trusted domain groups/users being changed, and this
keeps on changing approximatively every 2 hours.
At samba/winbindd startup I have the uid/gid allocated starting at the
beginning of the range in "idmap alloc config:range" directive.
Also, I may have trouble with my configuration, because the trusted domain
uid/gid are not allocated in the range given by the "idmap config
DOMB:range" directive, and at startup, I get the gids allocated to BUILTIN
groups overlapping the gids allocated to the trusted domain.
Here is the relevant section of my smb.conf :
idmap domains = DOMB
idmap backend =
idmap alloc backend = tdb
idmap cache time = 900
idmap negative cache time = 120
idmap uid =
idmap gid =
template homedir = /home/%D/%U
template shell = /bin/false
winbind separator = \
winbind cache time = 300
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = No
winbind trusted domains only = No
winbind nested groups = Yes
winbind nss info = template
winbind refresh tickets = No
winbind offline logon = No
winbind normalize names = No
winbind:rpc only = yes
idmap config DOMB:range = 4000-4999
idmap config DOMB:default = Yes
idmap config DOMB:backend = tdb
idmap alloc config:range = 3000-4999
Anybody can help ?
--
François Legal
Message scanned by ClamAV engine (http://www.clamav.net)
--------------------------------------------------------
More information about the samba
mailing list