[Samba] Samba 3.0.28a onwards "allow trusted domains" has no effect?

simo idra at samba.org
Wed Sep 10 15:01:15 GMT 2008

On Wed, 2008-09-10 at 16:35 +0200, Volker Lendecke wrote:
> On Wed, Sep 10, 2008 at 12:44:43PM +0000, simo wrote:
> > and optionally (to avoid a 1000 ids hole at the start of each range):
> > idmap config PRIMARYDOMAIN:base_rid = 1000
> > idmap config OTHERDOMAIN:base_rid = 1000
> I'd stronly recomment not to use base_rid=1000, because in
> many configurations "Domain Users" is the default primary
> group ID of users. As the well-known RID of "domain users"
> is 513, this prevents all these users from logging in, as
> winbind will not be able to map the primary group's RID
> anymore.

Ahh, right! That's why it is not the default :-)


Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <simo at redhat.com>

More information about the samba mailing list