[Samba] idmap for trusted domain changing over time

devel at thom.fr.eu.org devel at thom.fr.eu.org
Wed Jun 11 06:57:41 GMT 2008


I forgot to precise I'm using 3.0.29

> Hello
>
> I'm experiencing a weird behaviour with idmapping/winbindd.
>
> I have two samba controlled domains with one trusting the other and using
> winbindd to map trusted domain groups and users.
> This works quite well, but after some time, I can see the unix uid/gid
> allocated for the trusted domain groups/users being changed, and this
> keeps on changing approximatively every 2 hours.
> At samba/winbindd startup I have the uid/gid allocated starting at the
> beginning of the range in "idmap alloc config:range" directive.
>
> Also, I may have trouble with my configuration, because the trusted domain
> uid/gid are not allocated in the range given by the "idmap config
> DOMB:range" directive, and at startup, I get the gids allocated to BUILTIN
> groups overlapping the gids allocated to the trusted domain.
>
> Here is the relevant section of my smb.conf :
>
>         idmap domains = DOMB
>         idmap backend =
>         idmap alloc backend = tdb
>         idmap cache time = 900
>         idmap negative cache time = 120
>         idmap uid =
>         idmap gid =
>         template homedir = /home/%D/%U
>         template shell = /bin/false
>         winbind separator = \
>         winbind cache time = 300
>         winbind enum users = Yes
>         winbind enum groups = Yes
>         winbind use default domain = No
>         winbind trusted domains only = No
>         winbind nested groups = Yes
>         winbind nss info = template
>         winbind refresh tickets = No
>         winbind offline logon = No
>         winbind normalize names = No
>         winbind:rpc only = yes
>         idmap config DOMB:range = 4000-4999
>         idmap config DOMB:default = Yes
>         idmap config DOMB:backend = tdb
>         idmap alloc config:range = 3000-4999
>
> Anybody can help ?
>
> --
> François Legal
>
>
> Message scanned by ClamAV engine (http://www.clamav.net)
> --------------------------------------------------------
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>
>
> Message scanned by ClamAV engine (http://www.clamav.net)
> --------------------------------------------------------
>


-- 
François Legal


Message scanned by ClamAV engine (http://www.clamav.net)
--------------------------------------------------------


More information about the samba mailing list