[Samba] Samba 3.0.28a onwards "allow trusted domains" has no
effect?
Hari Sekhon
hpsekhon at googlemail.com
Wed Sep 10 14:06:28 GMT 2008
simo wrote:
> I guess a look at the idmap_rid manpage would help then.
>
Ironically I read the entire samba documentation (skipping only the
printing sections) and all the man pages too, but perhaps in overdid it
and missed something...
The thing which surprised me is that everything worked, if testparm had
raised any error or warning, if a service failed to accept the config, I
would have googled and re-read the docs
What really threw me was that this worked fine in 3.0.24 and not in
3.0.28a onwards.
> To have it working as expected on 3.0.25+ you should add the following
> parameter:
>
> idmap domains = PRIMARYDOMAIN OTHERDOMAIN
> idmap config PRIMARYDOMAIN:backend = rid
> idmap config PRIMARYDOMAIN:default = yes
> idmap config OTHERDOMAIN:backend = rid
>
> and remove the:
>
> idmap backend = rid
>
>
> and optionally (to avoid a 1000 ids hole at the start of each range):
> idmap config PRIMARYDOMAIN:base_rid = 1000
> idmap config OTHERDOMAIN:base_rid = 1000
>
>
> see the idmap_rid(8) manpage.
>
I've done all this and it seems to have fixed it on the newer samba
boxes I have.
> Also note that your configuration will probably be ok when we release
> samba 3.3.0, as we modified slightly the code to avoid the 'idmap
> domains' parameters and to make back 'idmap backend' the main backend
> used. But until then your current configuration is not correct for
> 3.0.25+ and the 'idmap config' directives are ignored w/o the idmap
> domains one
>
Thanks
-h
--
Hari Sekhon
More information about the samba
mailing list