[Samba] Samba 3.0.28a onwards "allow trusted domains" has no effect?

Volker Lendecke Volker.Lendecke at SerNet.DE
Wed Sep 10 14:35:28 GMT 2008

On Wed, Sep 10, 2008 at 12:44:43PM +0000, simo wrote:
> and optionally (to avoid a 1000 ids hole at the start of each range):
> idmap config PRIMARYDOMAIN:base_rid = 1000
> idmap config OTHERDOMAIN:base_rid = 1000

I'd stronly recomment not to use base_rid=1000, because in
many configurations "Domain Users" is the default primary
group ID of users. As the well-known RID of "domain users"
is 513, this prevents all these users from logging in, as
winbind will not be able to map the primary group's RID

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20080910/5fc419a6/attachment.bin

More information about the samba mailing list