[Samba] Samba 3.0.28a onwards "allow trusted domains" has no
effect?
simo
idra at samba.org
Wed Sep 10 15:02:15 GMT 2008
On Wed, 2008-09-10 at 16:35 +0200, Volker Lendecke wrote:
> On Wed, Sep 10, 2008 at 12:44:43PM +0000, simo wrote:
> > and optionally (to avoid a 1000 ids hole at the start of each range):
> > idmap config PRIMARYDOMAIN:base_rid = 1000
> > idmap config OTHERDOMAIN:base_rid = 1000
>
> I'd stronly recomment not to use base_rid=1000, because in
> many configurations "Domain Users" is the default primary
> group ID of users. As the well-known RID of "domain users"
> is 513, this prevents all these users from logging in, as
> winbind will not be able to map the primary group's RID
> anymore.
Of course base_rid=500 might work instead (just to save 500 ids that
would be otherwise wasted).
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <simo at redhat.com>
More information about the samba
mailing list